WO2018176531A1 - Video request and video playing method and apparatus - Google Patents

Video request and video playing method and apparatus Download PDF

Info

Publication number
WO2018176531A1
WO2018176531A1 PCT/CN2017/081237 CN2017081237W WO2018176531A1 WO 2018176531 A1 WO2018176531 A1 WO 2018176531A1 CN 2017081237 W CN2017081237 W CN 2017081237W WO 2018176531 A1 WO2018176531 A1 WO 2018176531A1
Authority
WO
WIPO (PCT)
Prior art keywords
key value
video
target video
server
terminal
Prior art date
Application number
PCT/CN2017/081237
Other languages
French (fr)
Chinese (zh)
Inventor
周志刚
张文明
陈少杰
Original Assignee
武汉斗鱼网络科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 武汉斗鱼网络科技有限公司 filed Critical 武汉斗鱼网络科技有限公司
Publication of WO2018176531A1 publication Critical patent/WO2018176531A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541Rights Management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25808Management of client data
    • H04N21/25816Management of client data involving client authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25866Management of end-user data
    • H04N21/25875Management of end-user data involving end-user authentication

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a video request, a video playing method, and a device.
  • the live video broadcast is performed by using the Internet and streaming media technology, and then the video content provider has the video stream address obtained by the third-party platform, so that the video can be directly viewed without going through the live website, that is, the video player bypassing the live website.
  • the video provided is also played.
  • there are some paid video content for the live website For example, the ticket room of the live website can only be viewed when the ticket is purchased.
  • the VIP member can purchase the VIP video, so If the video stream address is stolen, the user who has not purchased the ticket can directly view the ticket room, and the user who does not purchase the VIP member can directly watch the VIP video, and also brings the risk of personal information leakage to the user.
  • the prior art encrypts the video stream address to prevent the video stream address from being stolen, but only the encrypted video stream address is easily cracked, so the video stream address is low in security. Video is easily obtained illegally.
  • the embodiment of the invention solves the technical problem of low video stream address security in the prior art by providing a video request, a video playing method and a device.
  • an embodiment of the present invention provides a video playing method, which is applied to a server, where the method includes:
  • a first Key value for characterizing a video type of the target video and a permission range for characterizing the viewing user if a viewing user corresponding to the user terminal has viewing rights to the target video a second Key value, or returning, to the user terminal, a first Key value for characterizing a video type of the target video, a second Key value for characterizing a permission range of the viewing user, and a random number;
  • the target video is returned to the user terminal.
  • the video stream address request carries the user identification letter of the viewing user
  • the method further includes:
  • the method further includes:
  • the received authentication key value is a terminal-side authentication key value for the target video.
  • the generating the server-side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group including:
  • a server side authentication key value for the target video including:
  • the request identifies the identifier group, including:
  • it also includes:
  • the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes a permission range of the viewing user.
  • the live type identification code and the room identification code of the live network video are included in the request identification identifier group.
  • an embodiment of the present invention provides a video requesting method, which is applied to a user terminal, and includes:
  • the generating, according to the first key value and the second key value, a terminal side authentication key value for the target video and sending To the server including:
  • a terminal side authentication key value for the target video is sent to the server.
  • the generating, by the first key value, the second key value, and the request identification identifier group, a terminal side authentication key value for the target video including:
  • the request identification identifier group carried in the video stream address request includes:
  • the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes the permission range of the viewing user.
  • the video type identification code of each webcast video and the room identification code is not limited to the video type identification code.
  • an embodiment of the present invention provides a video playback device, which is applied to a server, where the video playback device includes:
  • An address request receiving module configured to receive a video stream address request for the target video sent by the user terminal
  • a Key value sending module configured to return, to the user terminal, a first Key value for characterizing a video type of the target video and for characterization if a viewing user corresponding to the user terminal has viewing rights to the target video Viewing a second Key value of the user's permission range, or returning to the user terminal a first Key value for characterizing the video type of the target video, and a second key for characterizing the permission range of the viewing user Value and random number;
  • a video returning module configured to receive, when used by the user terminal, a terminal-side authentication key value for the target video generated by using the first key value and the second key value, or for receiving a location Returning the target video to the user terminal when the terminal-side authentication key value for the target video generated by the user terminal is generated based on the first key value, the second key value, and the random number .
  • the device further includes:
  • the authority discriminating module is configured to determine, according to the correspondence between the user identification information and the permission range, whether the viewing user has viewing rights to the target video.
  • the device further includes:
  • An authentication key value generating module configured to generate a server side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group, or Generating, by the first Key value, the second Key value, the random number, and the request identification identifier group, a server side authentication key value for the target video;
  • the authentication key value comparison module is configured to compare the received authentication key value with the server-side authentication key value of the target video, and if yes, the received authentication key value is The terminal side authentication key value of the target video.
  • the authentication key value generating module is specifically configured to:
  • the request identifies the identifier group, including:
  • the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes a permission range of the viewing user.
  • the live type identification code and the room identification code of the live network video are included in the request identification identifier group.
  • an embodiment of the present invention provides a video requesting apparatus, which is applied to a user terminal, where the video requesting apparatus includes:
  • An address request sending module configured to send a video stream address request for the target video to the server
  • a Key value receiving module configured to receive a first Key value returned by the server for characterizing a video type of the target video, and a second Key value for characterizing a permission range of the viewing user, or for receiving Determining, by the server, a first Key value for characterizing a video type of the target video, a second Key value for characterizing a permission range of the viewing user, and a random number;
  • An authentication key value obtaining module configured to generate, according to the first key value and the second key value, a terminal side authentication key value for the target video, and send the value to the server, or according to the foregoing a Key value, the second Key value, and the random number generate a terminal side authentication Key value for the target video and send the value to the server, so that the server receives the terminal side for the target video Returning the target video to the user terminal when authenticating the Key value;
  • a video receiving module configured to receive the target video from the server.
  • the authentication key value obtaining module includes:
  • An authentication key value generating unit configured to generate a terminal side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group, or for using the Generating, by the first Key value, the second Key value, the random number, and the request identification identifier group, a terminal side authentication key value for the target video;
  • the authentication key value sending unit is configured to send the terminal side authentication key value for the target video to the server.
  • the authentication key value generating unit is specifically configured to:
  • the request identification identifier group carried in the video stream address request includes:
  • the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes the permission range of the viewing user.
  • the video type identification code of each webcast video and the room identification code is not limited to the video type identification code.
  • the technical solution provided by the present invention is: receiving a video stream address request for a target video sent by a user terminal; and if the viewing user corresponding to the user terminal has viewing rights to the target video, returning a video for characterizing the target video to the user terminal a first Key value of the type and a second Key value for characterizing a permission range of the viewing user; receiving the terminal-side authentication Key value for the target video generated by the user terminal based on the first Key value and the second Key value Return the target video to the user terminal.
  • the video stream address is authenticated according to the video type of the target video and the permission range of the viewing user, so that different types of the target video and different viewing rights of the viewing user are calculated, and different server side and terminal side are calculated.
  • the server For the authentication KEY value for authenticating the video stream address, the server only returns the requested target video for the user terminal that generates the authentication KEY value based on the first and second KEY values, so only the viewing rights of the target video are actually available.
  • the user can obtain the target video from the server, otherwise the server will refuse to deliver the target video.
  • the video stream address can be prevented from being illegally acquired, thus improving the security of the video stream address.
  • the server sends the first key value and the second key value to the terminal, and the server also generates a random number (the client regenerates each request) and sends the same to the terminal.
  • the number and the terminal feature are combined to calculate the final authentication key value.
  • the video stream address request carries the request identification identifier group, including the time identifier of the time when the user terminal sends the video stream address request, so that the generated authentication KEY values of the server side and the terminal side are dependent on non-repetitiveness and
  • the reproducible time identifier further ensures that the calculated authentication KEY value will not be imitated every time, so when a viewing user requests the correct address, it cannot be used by other viewing users because a video stream address can only be used. Use once.
  • FIG. 1 is a flowchart of a video playing method according to an embodiment of the present invention
  • FIG. 2 is a flowchart of a video request method according to an embodiment of the present invention.
  • FIG. 3 is a block diagram of a video playback apparatus according to an embodiment of the present invention.
  • FIG. 4 is a block diagram of a video requesting apparatus according to an embodiment of the present invention.
  • the embodiment of the present invention provides a video request, a video playing method, and a device.
  • the general idea is as follows:
  • the video stream address is authenticated according to the first Key value of the video type of the target video and the second Key value for characterizing the viewing range of the viewing user. Therefore, for different types of target videos and different permission ranges of the viewing users, different authentication KEY values for authenticating the video stream addresses on the server side and the terminal side are calculated, and the server is only based on the first and second servers.
  • the KEY value generates the target video of the user terminal that authenticates the KEY value, thereby greatly enhancing the accuracy of authenticating the video stream address, thereby preventing the video stream address from being illegally acquired, and improving the security of the video stream address. .
  • an embodiment of the present invention provides a video playing method, including the following steps:
  • S101 Receive a video stream address request for a target video that is sent by the user terminal.
  • the target video may be a live webcast video or a recorded video resource stored on a server.
  • the server is provided with a ticket system or a VIP authentication system, and different types of tickets are set for webcast videos of different video types, and different types of VIPs are set for recording videos of different video types.
  • the live webcast video as an example, if the viewing user's permission range of the game ticket is all game-type live rooms, the viewing user with the game ticket has the viewing right for the game-like video; and the viewing range of the viewing user with the sports ticket For all sports live rooms, the viewing users who have game tickets have the right to watch sports videos; the viewing rights of the viewing users with variety tickets are the variety live rooms, and the viewing users with game tickets have watched the variety videos. Permissions.
  • the ticket system is configured to identify whether the viewing user corresponding to the user terminal that sends the video stream address request has a ticket of the video type to which the target video belongs, thereby determining whether the viewing user has viewing rights to the target video.
  • the video stream address request in order to determine whether the viewing user has the viewing right for the target video, carries the user identification information of the viewing user corresponding to the user terminal, such as a username and a password.
  • the server stores the permission range corresponding to each user identification information, so that the server determines whether the viewing user corresponding to the user terminal has the viewing right for the target video according to the correspondence between the user identification information and the permission range. If the viewing user does not have the viewing right for the target video, the server directly rejects the video stream address request of the user terminal, and does not return to the user terminal the first Key value for characterizing the video type of the target video and the permission range for characterizing the viewing user. The second key value. If the viewing user has viewing rights to the target video, the server returns a video type for characterizing the target video to the user terminal. The first Key value and a second Key value used to characterize the scope of viewing of the viewing user.
  • the ticket class KEY value corresponds to the video type one by one, and the ticket class KEY value may be a random string, then the first key value is A string representing the video type of the target video. For example, if the target video is a sports video, the first key value is specifically a character string indicating that the target video is a sports video. For example, if the target video is a game video, the first key value is specifically to represent the target video as a game video. String.
  • the second key value includes the live broadcast type identification code and the room identification code of each live webcast video within the scope of the user's permission.
  • the live type identification code and the room identification code of each live webcast video in the user's permission range are input into the MD5 algorithm, and the second KEY value is obtained by the operation:
  • KEY2 MD5.create(roomid+type)
  • the roomid is the room identification code of each webcast live video within the scope of the user's permission
  • the type is the live type identification code of each webcast live video within the scope of the user's permission.
  • the process proceeds to S103.
  • the target video is returned to the user terminal.
  • the terminal-side authentication key value of the target video is specifically generated by the user terminal according to the following manner:
  • the user terminal If the user terminal receives the first key value and the second key value from the server, the user terminal generates a terminal side authentication key value for the target video based on the first key value and the second key value, and sends the value to the server.
  • the video type of the target video and the permission range of the viewing user are used as the KEY value of the video stream address authentication, so that different authentication KEY values can be obtained for different video types and different permission ranges, and the same video stream address is sent.
  • Receiver The server and the user terminal can always maintain the same authentication KEY value, which can greatly improve the accuracy of video address authentication and avoid illegal acquisition.
  • the terminal side authentication key value for the target video is generated based on the first key value, the second key value, and the request identification identifier group.
  • the request identification identifier group includes a time identifier indicating a time when the user terminal sends the video stream address request, and a terminal feature of at least one type of user terminal: a token (Token) when the user logs in to the server, and a unique ID of the user terminal. (UDID, Unique Device Identifier), the current IP address of the user terminal. Therefore, the video stream address authentication is performed depending on the time, so that the calculated video stream address is different each time, because the uniqueness of time makes a video stream address only Can be used once, so when the viewing user requests the correct video stream address is not available to others, further improving the security of the video stream address.
  • a token When the user logs in to the server
  • UDID Unique Device Identifier
  • time for the terminal to send the video stream address request may be determined according to the system time.
  • the main consideration of this kind of processing is that the server's system time is definitely correct, but the client's time may be that the hacker deliberately modifies the time to facilitate the hacker to crack the video stream address.
  • the time parameter can play a good role in random data, so To ensure the accuracy of time.
  • the server obtains the time of the server system to determine whether the time reported by the client is very different from the server time (for example, by setting a reporting time threshold), if the difference is very small, the client is The reporting time is correct, otherwise the time reported by the client is wrong, otherwise the client video stream address request is rejected.
  • the method further includes the steps of: acquiring a server system time; determining, by using the system time, a time that the user terminal that is characterized by the time identifier sends the video stream address request and the Whether the system time difference is within a preset reporting time threshold, and if yes, determining that the reporting time of the video stream address request is correct; otherwise, determining that the reporting time of the video stream address request is incorrect, rejecting the video stream address request.
  • the request identification identifier group carried in the video stream address request further includes the room identification code of the target network live video, thereby further improving the video stream address security of the webcast video.
  • the server side provides the following implementation process:
  • the server generates a server-side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group, and compares the received authentication key value with the server-side authentication key value for the target video. Whether it is consistent; if it is consistent, the received authentication key value is a terminal-side authentication key value for the target video generated by the user terminal based on the first key value and the second key value, and the server returns the target to the user terminal. Video; if it is inconsistent, the received authentication key value is sent by other terminals, and the target video is rejected.
  • the manner in which the server side performs the generation of the server-side authentication key value is an implementation manner of combining the MD5 (message digest algorithm) algorithm and the RSA encryption algorithm:
  • first Key value and the second Key value are input into the MD5 algorithm to obtain an intermediate Key value:
  • NewKey MD5.Create(KEY1+KEY2)
  • NewKey is the intermediate Key value
  • KEY1 is the first Key value
  • KEY2 is the second Key value.
  • the intermediate key value and the request identification identifier group are input into the RSA encryption algorithm to calculate the server side authentication key value for the target video:
  • KEY RSA.encrypt(Token+Roomid+ID+IP+Time, NewKey);
  • the time parameter is the time identifier of the user terminal to send the video stream address request
  • the Token parameter is the token when the user logs in to the server
  • the ID parameter is the unique ID of the user terminal (UDID, Unique Device Identifier)
  • the IP parameter is the current state of the user terminal. IP address.
  • the RSA encryption algorithm is taken as an example in the embodiment of the present invention, but other asymmetric encryption algorithms, such as an elliptic curve algorithm, may also be used.
  • the RSA encryption algorithm is an asymmetric encryption algorithm.
  • the RSA algorithm is characterized by the ability to generate a pair of public and private keys (the public and private keys are uniquely paired. If the data is encrypted with a public key, only the private key can be decrypted. Out of the original data, the server will send the first key value to the client, and the server can generate a private key Key according to the first key value (as the public key of the RSA) through the RSA algorithm (and store the private key, The subsequent terminal reports the characteristics of the terminal.
  • the terminal When the terminal receives the first key value of the server, when the terminal features of the terminal are reported, the characteristics of the terminal (token, ID, IP, etc.) are encrypted by using the RSA algorithm. After receiving the reported data, the server uses the private key generated by RSA to decrypt it.
  • the advantage of this processing is that the information reported by the terminal is encrypted to ensure the security of the data reported by the terminal, and the RSA algorithm is used to encrypt, so the hacker cannot decrypt even if the information is intercepted without the private key, because the private key is only stored by the server. .
  • the server sends the first key value and the second key value to the terminal, and the server also generates a random number (the client regenerates each request) and sends the same to the terminal. The number will be calculated together with the terminal characteristics to obtain the final authentication key value.
  • the advantage of increasing this random number is that the time value cannot be completely guaranteed because one dimension of the time parameter always changes, because the time data is regular, so here Adding a server to send a random number further strengthens the randomness of the finally generated authentication key value.
  • the calculation of the authentication Key value is:
  • KEY RSA.encrypt(Token+Roomid+ID+IP+Time, NewKey)
  • KEY RSA.encrypt(Token+Roomid+ID+IP+Time+Random, NewKey)
  • Random Both the server and the terminal are added together with the random number when calculating the final authentication key. This random number is sent by the server because it is generally considered that the server is definitely safe.
  • an embodiment of the present invention provides a video requesting method, which is applied to a user terminal corresponding to the foregoing video playing method. Referring to FIG. 2, the video requesting method includes:
  • S202 Receive a first Key value returned by the server for characterizing a video type of the target video, and a second Key value used to represent a permission range of the viewing user.
  • S203 Generate a terminal-side authentication key value for the target video according to the first key value and the second key value, and send the value to the server, so that the server returns the target video to the user terminal when receiving the terminal-side authentication key value for the target video. ;
  • S203 includes the following refinement steps:
  • an implementation manner of generating a terminal-side authentication key value for the target video is specifically:
  • the request identification identifier group carried in the video stream address request includes: a time identifier indicating a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal as follows: The token when the user logs in to the server, the unique ID of the user terminal, and the current IP address of the user terminal are viewed.
  • the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes each part of the viewing user's permission range.
  • the video type identifier of the live webcast video and the room identification code is included in the request identification identifier group.
  • the embodiment of the present video request method corresponds to the technical features in the implementation of the foregoing video playing method. Therefore, based on the video playing method introduced by the present invention, those skilled in the art can understand the implementation manner of the video requesting device, and thus will not be described herein. .
  • the server sends the first key value and the second key value to the terminal, and the server also generates a random number (the client regenerates each request) and sends the same to the terminal. The number will be calculated together with the terminal characteristics to obtain the final authentication key value.
  • the advantage of increasing this random number is that the time value cannot be completely guaranteed because one dimension of the time parameter always changes, because the time data is regular, so here Adding a server to send a random number further strengthens the randomness of the finally generated authentication key value.
  • an embodiment of the present invention provides a video playing device for implementing the foregoing video playing method, which is applied to a server.
  • the video playing device includes:
  • the address request receiving module 301 is configured to receive a video stream address request for the target video sent by the user terminal;
  • the Key value sending module 302 is configured to: if the viewing user corresponding to the user terminal has the viewing right to the target video, return a first Key value for characterizing the video type of the target video to the user terminal, and Characterizing a second Key value of the range of rights of the viewing user;
  • a video returning module 303 configured to receive, by the user terminal, a terminal-side authentication key value for the target video generated by the first key value and the second key value, to the user terminal Return to the target video.
  • the device further includes:
  • the authority discriminating module is configured to determine, according to the correspondence between the user identification information and the permission range, whether the viewing user has viewing rights to the target video.
  • the device further includes:
  • An authentication key value generating module configured to generate a server side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group;
  • the authentication key value comparison module is configured to compare the received authentication key value with the server-side authentication key value of the target video, and if yes, the received authentication key value is The terminal side authentication key value of the target video.
  • the authentication key value generating module is specifically configured to:
  • the request identifying the identifier group includes:
  • the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes the viewing user.
  • the server sends the first key value and the second key value to the terminal, and the server also generates a random number (the client regenerates each request) and sends the same to the terminal. The number will be calculated together with the terminal characteristics to obtain the final authentication key value.
  • the advantage of increasing this random number is that the time value cannot be completely guaranteed because one dimension of the time parameter always changes, because the time data is regular, so here Adding a server to send a random number further strengthens the randomness of the finally generated authentication key value.
  • the video playback device is a device for implementing the foregoing video playback method according to the embodiment of the present invention. Therefore, based on the video playback method introduced by the present invention, those skilled in the art can understand the specific structure and deformation of the video playback device, and thus No longer. Any device used in the video playing method of the present invention is within the scope of the present invention.
  • an embodiment of the present invention further provides a video requesting apparatus for implementing the foregoing video requesting method, which is applied to a user terminal.
  • the video requesting apparatus includes:
  • An address request sending module 401 configured to send a video stream address request for the target video to the server;
  • the Key value receiving module 402 is configured to receive a first Key value returned by the server for characterizing a video type of the target video and a second Key value used to represent a permission range of the viewing user;
  • the authentication key value obtaining module 403 is configured to generate a terminal side authentication key value for the target video according to the first key value and the second key value, and send the value to the server, so that the server receives Returning the target video to the user terminal when the terminal side authentication key value is used for the target video;
  • the video receiving module 404 is configured to receive the target video from the server.
  • the authentication key value obtaining module 403 includes:
  • the authentication key value generating unit is configured to generate a terminal side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group;
  • the authentication key value sending unit is configured to send the terminal side authentication key value for the target video to the server.
  • the authentication key value generating unit is specifically configured to:
  • the request identification identifier group carried in the video stream address request includes:
  • Characterizing a time identifier of the time at which the user terminal sends the video stream address request and At least one terminal feature of the user terminal: the token when the user logs in to the server, the unique ID of the user terminal, and the current IP address of the user terminal.
  • the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes the rights of the viewing user.
  • the server sends the first key value and the second key value to the terminal, and the server also generates a random number (the client regenerates each request) and sends the same to the terminal. The number will be calculated together with the terminal characteristics to obtain the final authentication key value.
  • the advantage of increasing this random number is that the time value cannot be completely guaranteed because one dimension of the time parameter always changes, because the time data is regular, so here Adding a server to send a random number further strengthens the randomness of the finally generated authentication key value.
  • the present video requesting device is an electronic device used in the foregoing video requesting method according to the embodiment of the present invention. Therefore, those skilled in the art can understand the specific structure and deformation of the video requesting device based on the method described in the video requesting method embodiment of the present invention. Therefore, it will not be repeated here.
  • the apparatus used in the video request method of the present invention is within the scope of the present invention.
  • the technical solution provided by the present invention is: receiving a video stream address request for a target video sent by a user terminal; and if the viewing user corresponding to the user terminal has viewing rights to the target video, returning a video for characterizing the target video to the user terminal a first Key value of the type and a second Key value for characterizing a permission range of the viewing user; receiving the terminal-side authentication Key value for the target video generated by the user terminal based on the first Key value and the second Key value Return the target video to the user terminal.
  • the video stream address is authenticated according to the video type of the target video and the permission range of the viewing user, so that different types of the target video and different viewing rights of the viewing user are calculated, and different server side and terminal side are calculated.
  • the server For the authentication KEY value for authenticating the video stream address, the server only returns the requested target video for the user terminal that generates the authentication KEY value based on the first and second KEY values, so only the viewing rights of the target video are actually available.
  • the user can obtain the target video from the server, otherwise the server will refuse to deliver the target video. Therefore, the accuracy of authenticating the video stream address is greatly enhanced, and the video stream address can be prevented from being illegally acquired, thereby improving the security of the video stream address.
  • the server sends the first key value and the second key value to the terminal, and the server also generates a random number (the client regenerates each request) and sends the same to the terminal.
  • the number and the terminal feature are combined to calculate the final authentication key value.
  • the video stream address request carries the request identification identifier group, including the time identifier of the time when the user terminal sends the video stream address request, so that the generated authentication KEY values of the server side and the terminal side are dependent on non-repetitiveness and
  • the reproducible time identifier further ensures that the calculated authentication KEY value will not be imitated every time, so when a viewing user requests the correct address, it cannot be used by other viewing users because a video stream address can only be used. Use once.
  • embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.

Abstract

The present invention discloses a video request and video playing method and apparatus, applied to the technical field of communications. The video playing method comprises: receiving a video stream address request sent by a user terminal for a target video; and if a viewer corresponding to the user terminal has viewing permission for the target video, returning, to the user terminal, a first key value for characterizing a video type of the target video and a second key value for characterizing a permission range of the viewer; and returning the target video to the user terminal if a terminal side authentication key value sent by the user terminal and generated for the target video on the basis of the first key value and the second key value is received. The present invention resolves the technical problem in the prior art of low video stream address security, thereby greatly enhancing video stream address authentication accuracy, and avoiding unauthorized acquisition of video stream addresses, improving security of video stream addresses.

Description

一种视频请求、视频播放方法及装置Video request, video playing method and device 技术领域Technical field
本发明涉及通信技术领域,尤其涉及一种视频请求、视频播放方法及装置。The present invention relates to the field of communications technologies, and in particular, to a video request, a video playing method, and a device.
背景技术Background technique
目前,视频直播是利用互联网及流媒体技术进行直播,然后视频内容的提供方存在视频流地址被第三方平台获取,从而可以不通过直播网站直接观看视频,即绕过了直播网站的视频播放器提供的视频播放,同时对于直播网站也会使用有一些收费视频内容,比如直播网站的门票房间,只有购买了门票才能观看;又比如类似于一些视频网站中只有购买VIP会员才能观看VIP视频,因此对于视频流地址被盗取,则使得没有购买门票的用户可以直接观看门票房间、没有购买VIP会员的用户可以直接观看VIP视频,还会给用户带来个人信息泄露的风险。At present, the live video broadcast is performed by using the Internet and streaming media technology, and then the video content provider has the video stream address obtained by the third-party platform, so that the video can be directly viewed without going through the live website, that is, the video player bypassing the live website. The video provided is also played. At the same time, there are some paid video content for the live website. For example, the ticket room of the live website can only be viewed when the ticket is purchased. For example, similar to some video websites, only the VIP member can purchase the VIP video, so If the video stream address is stolen, the user who has not purchased the ticket can directly view the ticket room, and the user who does not purchase the VIP member can directly watch the VIP video, and also brings the risk of personal information leakage to the user.
为了避免视频流地址被盗取,现有技术会对视频流地址进行加密保护以防止被盗取视频流地址,但是仅仅加密后的视频流地址容易被破解,因此视频流地址安全性低,进而视频容易被非法获取。In order to prevent the video stream address from being stolen, the prior art encrypts the video stream address to prevent the video stream address from being stolen, but only the encrypted video stream address is easily cracked, so the video stream address is low in security. Video is easily obtained illegally.
发明内容Summary of the invention
本发明实施例通过提供一种视频请求、视频播放方法及装置,解决了现有技术中视频流地址安全性低的技术问题。The embodiment of the invention solves the technical problem of low video stream address security in the prior art by providing a video request, a video playing method and a device.
第一方面,本发明实施例提供了一种视频播放方法,应用于服务器,所述方法包括:In a first aspect, an embodiment of the present invention provides a video playing method, which is applied to a server, where the method includes:
接收用户终端发送的针对目标视频的视频流地址请求;Receiving a video stream address request for the target video sent by the user terminal;
如果所述用户终端对应的观看用户对所述目标视频有观看权限,向所述用户终端返回用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值,或者,向所述用户终端返回用于表征所述目标视频的视频类型的第一Key值、用于表征所述观看用户的权限范围的第二Key值以及随机数;Returning, to the user terminal, a first Key value for characterizing a video type of the target video and a permission range for characterizing the viewing user, if a viewing user corresponding to the user terminal has viewing rights to the target video a second Key value, or returning, to the user terminal, a first Key value for characterizing a video type of the target video, a second Key value for characterizing a permission range of the viewing user, and a random number;
接收到所述用户终端发送的基于所述第一Key值与所述第二Key值生成的针对所述目标视频的终端侧鉴权Key值时,或者,接收到所述用户终端发送的基于所述第一Key值、所述第二Key值以及所述随机数生成的针对所述目标视频的终端侧鉴权Key值时,向所述用户终端返回所述目标视频。Receiving, by the user terminal, a terminal-side authentication key value for the target video generated based on the first key value and the second key value, or receiving a base station sent by the user terminal When the first key value, the second key value, and the terminal-side authentication key value generated by the random number for the target video are generated, the target video is returned to the user terminal.
可选的,如果所述视频流地址请求中携带有所述观看用户的用户识别信 息,所述方法还包括:Optionally, if the video stream address request carries the user identification letter of the viewing user The method further includes:
根据所述用户识别信息与所述权限范围的对应关系,判别所述观看用户是否对所述目标视频有观看权限。Determining whether the viewing user has viewing rights to the target video according to the correspondence between the user identification information and the permission range.
可选的,如果所述视频流地址请求中携带有请求识别标识组,在所述接收用户终端发送的针对目标视频的视频流地址请求之后,所述方法还包括:Optionally, if the video stream address request carries the request identification identifier group, after the receiving the user terminal sends the video stream address request for the target video, the method further includes:
基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值;或者,基于所述第一Key值、所述第二Key值、所述随机数和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值;Generating a server side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group; or, based on the first key value, the second key a value, the random number, and the request identification identifier group generate a server side authentication key value for the target video;
将接收到的鉴权Key值分别与针对所述目标视频的服务器侧鉴权Key值进行对比是否一致;Comparing the received authentication key values with the server-side authentication key values for the target video respectively;
如果一致,表征接收到的鉴权Key值为针对所述目标视频的终端侧鉴权Key值。If consistent, the received authentication key value is a terminal-side authentication key value for the target video.
可选的,所述基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值,包括:Optionally, the generating the server-side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group, including:
将所述第一Key值与所述第二Key值输入MD5算法,以运算得到中间Key值;Inputting the first key value and the second key value into the MD5 algorithm to obtain an intermediate key value;
将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的服务器侧鉴权Key值;或者,And inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a server side authentication key value for the target video; or
所述基于所述第一Key值、所述第二Key值、所述随机数和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值,包括:And generating, by the first key value, the second key value, the random number, and the request identification identifier group, a server side authentication key value for the target video, including:
将所述第一Key值、所述第二Key值、所述随机数输入MD5算法,以运算得到中间Key值;And inputting the first key value, the second key value, and the random number into an MD5 algorithm to obtain an intermediate key value;
将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的服务器侧鉴权Key值。And inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a server side authentication key value for the target video.
可选的,所述请求识别标识组,包括:Optionally, the request identifies the identifier group, including:
表征所述用户终端发送所述视频流地址请求所在时刻的时间标识,以及如下至少一种所述用户终端的终端特征:所述观看用户登录所述服务器时的令牌、所述用户终端的唯一ID、所述用户终端当前的IP地址。Characterizing a time identifier of a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal: a token when the viewing user logs in to the server, and a uniqueness of the user terminal ID, the current IP address of the user terminal.
可选的,还包括:Optionally, it also includes:
获取服务器系统时间;Obtain server system time;
以所述系统时间为基准,判断所述时间标识表征的所述用户终端发送所述视频流地址请求的时间与所述系统时间相差是否在预设的上报时间阈值之内,如果是,则确定所述视频流地址请求的上报时间正确,否则,确定所述视频流 地址请求的上报时间错误,拒绝所述视频流地址请求。Determining, by using the system time, whether the time that the user terminal is configured to send the video stream address request and the system time is within a preset reporting time threshold, and if yes, determining The reporting time of the video stream address request is correct, otherwise, the video stream is determined. The reporting time of the address request is incorrect, and the video stream address request is rejected.
可选的,如果所述目标视频为目标网络直播视频,则所述请求识别标识组还包括所述目标网络直播视频所在的房间标识码,所述第二Key值包括所述观看用户的权限范围内的各个网络直播视频所属的直播类型识别码和所在的房间标识码。Optionally, if the target video is a target network live video, the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes a permission range of the viewing user. The live type identification code and the room identification code of the live network video.
第二方面,本发明实施例提供了一种视频请求方法,应用于用户终端,包括:In a second aspect, an embodiment of the present invention provides a video requesting method, which is applied to a user terminal, and includes:
向服务器发送针对目标视频的视频流地址请求;Sending a video stream address request for the target video to the server;
接收所述服务器返回的用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值;或者,接收所述服务器返回的用于表征所述目标视频的视频类型的第一Key值、用于表征所述观看用户的权限范围的第二Key值以及随机数;Receiving, by the server, a first Key value for characterizing a video type of the target video and a second Key value for characterizing a permission range of the viewing user; or receiving a representation for returning by the server a first Key value of a video type of the target video, a second Key value for characterizing a permission range of the viewing user, and a random number;
根据所述第一Key值与所述第二Key值生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,或者,根据所述第一Key值、所述第二Key值以及所述随机数生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,以使所述服务器接收到针对所述目标视频的终端侧鉴权Key值时向所述用户终端返回所述目标视频;Generating, by the first key value and the second key value, a terminal-side authentication key value for the target video, and sending the value to the server, or according to the first key value and the second key value. And generating, by the random number, a terminal side authentication key value for the target video, and sending the value to the server, so that the server receives the terminal side authentication key value for the target video to the user terminal Returning the target video;
从所述服务器接收所述目标视频。Receiving the target video from the server.
可选的,如果所述视频流地址请求中携带有请求识别标识组,所述根据所述第一Key值与所述第二Key值生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,包括:Optionally, if the video stream address request carries the request identification identifier group, the generating, according to the first key value and the second key value, a terminal side authentication key value for the target video and sending To the server, including:
基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的终端侧鉴权Key值;Generating, by the first key value, the second key value, and the request identification identifier group, a terminal side authentication key value for the target video;
将针对所述目标视频的终端侧鉴权Key值发送给所述服务器;或者,Sending, to the server, a terminal side authentication key value for the target video; or
所述根据所述第一Key值、所述第二Key值以及所述随机数生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,包括:And generating the terminal-side authentication key value for the target video according to the first key value, the second key value, and the random number, and sending the value to the server, including:
基于所述第一Key值、所述第二Key值、所述随机数和所述请求识别标识组生成针对所述目标视频的终端侧鉴权Key值;Generating, by the first key value, the second key value, the random number, and the request identification identifier group, a terminal side authentication key value for the target video;
将针对所述目标视频的终端侧鉴权Key值发送给所述服务器。A terminal side authentication key value for the target video is sent to the server.
可选的,所述基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的终端侧鉴权Key值,包括:Optionally, the generating, by the first key value, the second key value, and the request identification identifier group, a terminal side authentication key value for the target video, including:
将所述第一Key值与所述第二Key值输入MD5算法,以运算得到中间Key值;Inputting the first key value and the second key value into the MD5 algorithm to obtain an intermediate key value;
将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到 针对所述目标视频的终端侧鉴权Key值;或者,Inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain an operation The terminal side authentication key value for the target video; or
所述基于所述第一Key值、所述第二Key值、所述随机数和所述请求识别标识组生成针对所述目标视频的终端侧鉴权Key值,包括:And generating, by the first key value, the second key value, the random number, and the request identification identifier group, a terminal side authentication key value for the target video, including:
将所述第一Key值、所述第二Key值与所述随机数输入MD5算法,以运算得到中间Key值;And inputting the first key value, the second key value, and the random number into an MD5 algorithm to obtain an intermediate key value;
将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的终端侧鉴权Key值。And inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a terminal side authentication key value for the target video.
可选的,所述视频流地址请求中携带的请求识别标识组,包括:Optionally, the request identification identifier group carried in the video stream address request includes:
表征所述用户终端发送所述视频流地址请求所在时刻的时间标识,以及如下至少一种所述用户终端的终端特征:所述观看用户登录所述服务器时的令牌、所述用户终端的唯一ID、所述用户终端当前的IP地址。Characterizing a time identifier of a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal: a token when the viewing user logs in to the server, and a uniqueness of the user terminal ID, the current IP address of the user terminal.
可选的,如果所述目标视频为目标网络直播视频,则所述请求识别标识组还包括所述目标网络直播视频所在的房间标识码,第二Key值包括所述观看用户的权限范围内的各个网络直播视频的视频类型识别码和所在的房间标识码。Optionally, if the target video is a target network live video, the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes the permission range of the viewing user. The video type identification code of each webcast video and the room identification code.
第三方面,本发明实施例提供了一种视频播放装置,应用于服务器,所述视频播放装置包括:In a third aspect, an embodiment of the present invention provides a video playback device, which is applied to a server, where the video playback device includes:
地址请求接收模块,用于接收用户终端发送的针对目标视频的视频流地址请求;An address request receiving module, configured to receive a video stream address request for the target video sent by the user terminal;
Key值发送模块,用于如果所述用户终端对应的观看用户对所述目标视频有观看权限,向所述用户终端返回用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值,或者向所述用户终端返回用于表征所述目标视频的视频类型的第一Key值、用于表征所述观看用户的权限范围的第二Key值以及随机数;a Key value sending module, configured to return, to the user terminal, a first Key value for characterizing a video type of the target video and for characterization if a viewing user corresponding to the user terminal has viewing rights to the target video Viewing a second Key value of the user's permission range, or returning to the user terminal a first Key value for characterizing the video type of the target video, and a second key for characterizing the permission range of the viewing user Value and random number;
视频返回模块,用于接收到所述用户终端发送的基于所述第一Key值与所述第二Key值生成的针对所述目标视频的终端侧鉴权Key值时,或者用于接收到所述用户终端发送的基于所述第一Key值、所述第二Key值以及所述随机数生成的针对所述目标视频的终端侧鉴权Key值时,向所述用户终端返回所述目标视频。a video returning module, configured to receive, when used by the user terminal, a terminal-side authentication key value for the target video generated by using the first key value and the second key value, or for receiving a location Returning the target video to the user terminal when the terminal-side authentication key value for the target video generated by the user terminal is generated based on the first key value, the second key value, and the random number .
可选的,如果所述视频流地址请求中携带有所述观看用户的用户识别信息,所述装置还包括:Optionally, if the video stream address request carries the user identification information of the viewing user, the device further includes:
权限判别模块,用于根据所述用户识别信息与所述权限范围的对应关系,判别所述观看用户是否对所述目标视频有观看权限。The authority discriminating module is configured to determine, according to the correspondence between the user identification information and the permission range, whether the viewing user has viewing rights to the target video.
可选的,如果所述视频流地址请求中携带有请求识别标识组,所述装置还包括: Optionally, if the video stream address request carries the request identification identifier group, the device further includes:
鉴权Key值生成模块,用于基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值,或者用于基于所述第一Key值、所述第二Key值、所述随机数和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值;An authentication key value generating module, configured to generate a server side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group, or Generating, by the first Key value, the second Key value, the random number, and the request identification identifier group, a server side authentication key value for the target video;
鉴权Key值对比模块,用于将接收到的鉴权Key值分别与针对所述目标视频的服务器侧鉴权Key值进行对比是否一致,如果一致,表征接收到的鉴权Key值为针对所述目标视频的终端侧鉴权Key值。The authentication key value comparison module is configured to compare the received authentication key value with the server-side authentication key value of the target video, and if yes, the received authentication key value is The terminal side authentication key value of the target video.
可选的,所述鉴权Key值生成模块,具体用于:Optionally, the authentication key value generating module is specifically configured to:
将所述第一Key值与所述第二Key值输入MD5算法,以运算得到中间Key值,或者将所述第一Key值、所述第二Key值与所述随机数输入MD5算法,以运算得到中间Key值;Inputting the first key value and the second key value into the MD5 algorithm to calculate an intermediate key value, or input the first key value, the second key value, and the random number into the MD5 algorithm to The operation obtains an intermediate Key value;
将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的服务器侧鉴权Key值。And inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a server side authentication key value for the target video.
可选的,所述请求识别标识组,包括:Optionally, the request identifies the identifier group, including:
表征所述用户终端发送所述视频流地址请求所在时刻的时间标识,以及如下至少一种所述用户终端的终端特征:所述观看用户登录所述服务器时的令牌、所述用户终端的唯一ID、所述用户终端当前的IP地址。Characterizing a time identifier of a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal: a token when the viewing user logs in to the server, and a uniqueness of the user terminal ID, the current IP address of the user terminal.
可选的,如果所述目标视频为目标网络直播视频,则所述请求识别标识组还包括所述目标网络直播视频所在的房间标识码,所述第二Key值包括所述观看用户的权限范围内的各个网络直播视频所属的直播类型识别码和所在的房间标识码。Optionally, if the target video is a target network live video, the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes a permission range of the viewing user. The live type identification code and the room identification code of the live network video.
第四方面,本发明实施例提供了一种视频请求装置,应用于用户终端,所述视频请求装置包括:In a fourth aspect, an embodiment of the present invention provides a video requesting apparatus, which is applied to a user terminal, where the video requesting apparatus includes:
地址请求发送模块,用于向服务器发送针对目标视频的视频流地址请求;An address request sending module, configured to send a video stream address request for the target video to the server;
Key值接收模块,用于接收所述服务器返回的用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值,或者用于接收所述服务器返回的用于表征所述目标视频的视频类型的第一Key值、用于表征所述观看用户的权限范围的第二Key值以及随机数;a Key value receiving module, configured to receive a first Key value returned by the server for characterizing a video type of the target video, and a second Key value for characterizing a permission range of the viewing user, or for receiving Determining, by the server, a first Key value for characterizing a video type of the target video, a second Key value for characterizing a permission range of the viewing user, and a random number;
鉴权Key值获取模块,用于根据所述第一Key值与所述第二Key值生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,或者用于根据所述第一Key值、所述第二Key值以及所述随机数生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,以使所述服务器接收到针对所述目标视频的终端侧鉴权Key值时向所述用户终端返回所述目标视频;An authentication key value obtaining module, configured to generate, according to the first key value and the second key value, a terminal side authentication key value for the target video, and send the value to the server, or according to the foregoing a Key value, the second Key value, and the random number generate a terminal side authentication Key value for the target video and send the value to the server, so that the server receives the terminal side for the target video Returning the target video to the user terminal when authenticating the Key value;
视频接收模块,用于从所述服务器接收所述目标视频。 a video receiving module, configured to receive the target video from the server.
可选的,如果所述视频流地址请求中携带有请求识别标识组,所述鉴权Key值获取模块,包括:Optionally, if the video stream address request carries the request identification identifier group, the authentication key value obtaining module includes:
鉴权Key值生成单元,用于基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的终端侧鉴权Key值,或者用于基于所述第一Key值、所述第二Key值、所述随机数和所述请求识别标识组生成针对所述目标视频的终端侧鉴权Key值;An authentication key value generating unit, configured to generate a terminal side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group, or for using the Generating, by the first Key value, the second Key value, the random number, and the request identification identifier group, a terminal side authentication key value for the target video;
鉴权Key值发送单元,用于将针对所述目标视频的终端侧鉴权Key值发送给所述服务器。The authentication key value sending unit is configured to send the terminal side authentication key value for the target video to the server.
可选的,所述鉴权Key值生成单元,具体用于:Optionally, the authentication key value generating unit is specifically configured to:
将所述第一Key值与所述第二Key值输入MD5算法,以运算得到中间Key值,或者将所述第一Key值、所述第二Key值与所述随机数输入MD5算法,以运算得到中间Key值;Inputting the first key value and the second key value into the MD5 algorithm to calculate an intermediate key value, or input the first key value, the second key value, and the random number into the MD5 algorithm to The operation obtains an intermediate Key value;
将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的终端侧鉴权Key值。And inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a terminal side authentication key value for the target video.
可选的,所述视频流地址请求中携带的请求识别标识组,包括:Optionally, the request identification identifier group carried in the video stream address request includes:
表征所述用户终端发送所述视频流地址请求所在时刻的时间标识,以及如下至少一种所述用户终端的终端特征:所述观看用户登录所述服务器时的令牌、所述用户终端的唯一ID、所述用户终端当前的IP地址。Characterizing a time identifier of a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal: a token when the viewing user logs in to the server, and a uniqueness of the user terminal ID, the current IP address of the user terminal.
可选的,如果所述目标视频为目标网络直播视频,则所述请求识别标识组还包括所述目标网络直播视频所在的房间标识码,第二Key值包括所述观看用户的权限范围内的各个网络直播视频的视频类型识别码和所在的房间标识码。Optionally, if the target video is a target network live video, the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes the permission range of the viewing user. The video type identification code of each webcast video and the room identification code.
本发明实施例中提供的一个或多个技术方案,至少具有如下技术效果或优点:One or more technical solutions provided in the embodiments of the present invention have at least the following technical effects or advantages:
通过本发明提供的技术方案:接收用户终端发送的针对目标视频的视频流地址请求时;如果用户终端对应的观看用户对所述目标视频有观看权限,向用户终端返回用于表征目标视频的视频类型的第一Key值和用于表征观看用户的权限范围的第二Key值;接收到用户终端发送的基于第一Key值与第二Key值生成的针对目标视频的终端侧鉴权Key值时向述用户终端返回目标视频。可见是根据目标视频的视频类型、观看用户的权限范围进行视频流地址进行鉴权验证,从而对于目标视频的类型不同、观看用户的权限范围不同,都会计算出不同的服务器侧和终端侧的用于对视频流地址进行鉴权的鉴权KEY值,服务器只针对基于第一、二KEY值生成了鉴权KEY值的用户终端返回请求的目标视频,因此只有真正有对目标视频有观看权限的用户才能从服务器获取到目标视频,否则服务器会拒绝下发目标视频。从而极大加强了对视频流地址鉴权的准 确性,能够避免视频流地址被非法获取,因此提高了视频流地址的安全性。The technical solution provided by the present invention is: receiving a video stream address request for a target video sent by a user terminal; and if the viewing user corresponding to the user terminal has viewing rights to the target video, returning a video for characterizing the target video to the user terminal a first Key value of the type and a second Key value for characterizing a permission range of the viewing user; receiving the terminal-side authentication Key value for the target video generated by the user terminal based on the first Key value and the second Key value Return the target video to the user terminal. It can be seen that the video stream address is authenticated according to the video type of the target video and the permission range of the viewing user, so that different types of the target video and different viewing rights of the viewing user are calculated, and different server side and terminal side are calculated. For the authentication KEY value for authenticating the video stream address, the server only returns the requested target video for the user terminal that generates the authentication KEY value based on the first and second KEY values, so only the viewing rights of the target video are actually available. The user can obtain the target video from the server, otherwise the server will refuse to deliver the target video. Thereby greatly enhancing the accuracy of video stream address authentication It is true that the video stream address can be prevented from being illegally acquired, thus improving the security of the video stream address.
在一个优选方案中,服务器在将第一Key值和第二Key值发送给终端基础上,同时服务器还会生成一个随机数(客户端每次请求都会重新生成),也发送给终端,此随机数会和终端特征一并计算得到最终的鉴权Key值,增加此随机数的好处是,由于时间参数一个维度不能完全保障计算的值总是变化的,因为时间数据是有规律的,所以在此增加一个随机数,那么从而进一步的加强了最终生成的鉴权Key值的随机性。In a preferred solution, the server sends the first key value and the second key value to the terminal, and the server also generates a random number (the client regenerates each request) and sends the same to the terminal. The number and the terminal feature are combined to calculate the final authentication key value. The advantage of increasing the random number is that the time value cannot be completely guaranteed because one dimension of the time parameter always changes, because the time data is regular, so This adds a random number, which further enhances the randomness of the finally generated authentication Key value.
进一步的,通过视频流地址请求中携带有请求识别标识组,包括用户终端发送视频流地址请求所在时刻的时间标识,从而生成的服务器侧和终端侧的鉴权KEY值均依赖于不具重复性和复制性的时间标识,使得进一步确保了每次计算出来的鉴权KEY值不会被模仿,所以当一个观看用户请求到正确地址后是无法给其他观看用户使用的,因为一个视频流地址只能使用一次。Further, the video stream address request carries the request identification identifier group, including the time identifier of the time when the user terminal sends the video stream address request, so that the generated authentication KEY values of the server side and the terminal side are dependent on non-repetitiveness and The reproducible time identifier further ensures that the calculated authentication KEY value will not be imitated every time, so when a viewing user requests the correct address, it cannot be used by other viewing users because a video stream address can only be used. Use once.
附图说明DRAWINGS
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中所需要使用的附图作一简单地介绍,显而易见地,下面描述中的附图是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are some embodiments of the present invention. Other drawings may also be obtained from those of ordinary skill in the art in light of the inventive work.
图1为本发明实施例提供的视频播放方法的流程图;FIG. 1 is a flowchart of a video playing method according to an embodiment of the present invention;
图2为本发明实施例提供的视频请求方法的流程图;2 is a flowchart of a video request method according to an embodiment of the present invention;
图3为本发明实施例提供的视频播放装置的模块图;FIG. 3 is a block diagram of a video playback apparatus according to an embodiment of the present invention;
图4为本发明实施例提供的视频请求装置的模块图。FIG. 4 is a block diagram of a video requesting apparatus according to an embodiment of the present invention.
具体实施方式detailed description
鉴于现有技术中视频流地址安全性低的技术问题,本发明实施例通过提供一种视频请求、视频播放方法及装置,总体思路如下:In view of the technical problem that the video stream address security is low in the prior art, the embodiment of the present invention provides a video request, a video playing method, and a device. The general idea is as follows:
根据目标视频的视频类型的第一Key值和用于表征观看用户的权限范围的第二Key值进行视频流地址进行了鉴权验证。从而对于目标视频的类型不同、观看用户的权限范围不同,都会计算出不同的服务器侧和终端侧的用于对视频流地址进行鉴权的鉴权KEY值,服务器只针对服务器基于第一、二KEY值生成了鉴权KEY值的用户终端返回请求的目标视频,从而极大加强了对视频流地址鉴权的准确性,从而能够避免视频流地址被非法获取,提高了视频流地址的安全性。The video stream address is authenticated according to the first Key value of the video type of the target video and the second Key value for characterizing the viewing range of the viewing user. Therefore, for different types of target videos and different permission ranges of the viewing users, different authentication KEY values for authenticating the video stream addresses on the server side and the terminal side are calculated, and the server is only based on the first and second servers. The KEY value generates the target video of the user terminal that authenticates the KEY value, thereby greatly enhancing the accuracy of authenticating the video stream address, thereby preventing the video stream address from being illegally acquired, and improving the security of the video stream address. .
为了更好的理解上述技术方案,下面将结合说明书附图以及具体的实施方 式对上述技术方案进行详细的说明。In order to better understand the above technical solutions, the following will be combined with the drawings and specific implementations. The above technical solutions are described in detail.
参考图1所示,本发明实施例提供了一种视频播放方法,包括如下步骤:Referring to FIG. 1, an embodiment of the present invention provides a video playing method, including the following steps:
S101、接收用户终端发送的针对目标视频的视频流地址请求;S101. Receive a video stream address request for a target video that is sent by the user terminal.
S102、如果用户终端对应的观看用户对目标视频有观看权限,向用户终端返回用于表征目标视频的视频类型的第一Key值和用于表征观看用户的权限范围的第二Key值;S102. If the viewing user corresponding to the user terminal has the viewing right to the target video, return a first Key value for characterizing the video type of the target video and a second Key value for characterizing the permission range of the viewing user to the user terminal;
S103、接收到用户终端发送的基于第一Key值与第二Key值生成的针对目标视频的终端侧鉴权Key值时,向用户终端返回目标视频。S103. When receiving the terminal-side authentication key value for the target video generated by the user terminal and based on the first key value and the second key value, returning the target video to the user terminal.
需要说明的是,在本发明实施例中,目标视频可以为网络直播视频,也可以为存储在服务器上的录制视频资源。It should be noted that, in the embodiment of the present invention, the target video may be a live webcast video or a recorded video resource stored on a server.
下面结合图1,对本发明实施例提供的视频播放方法的每个步骤进行详细描述:Each step of the video playing method provided by the embodiment of the present invention is described in detail below with reference to FIG. 1 :
首先,执行S101:接收用户终端发送的针对目标视频的视频流地址请求。First, executing S101: receiving a video stream address request for the target video sent by the user terminal.
具体的,服务器上设置有门票系统或VIP认证系统,针对不同视频类型的网络直播视频设置有不同的门票类型,针对不同视频类型的录制视频设置有不同的VIP类型。具体的,以网络直播视频为例,有游戏门票的观看用户的权限范围为所有游戏类直播房间,则有游戏门票的观看用户对游戏类视频有观看权限;有体育门票的观看用户的权限范围为所有体育类直播房间,则有游戏门票的观看用户对体育类视频有观看权限;有综艺门票的观看用户的权限范围为综艺类直播房间,则有游戏门票的观看用户对综艺类视频有观看权限。Specifically, the server is provided with a ticket system or a VIP authentication system, and different types of tickets are set for webcast videos of different video types, and different types of VIPs are set for recording videos of different video types. Specifically, taking the live webcast video as an example, if the viewing user's permission range of the game ticket is all game-type live rooms, the viewing user with the game ticket has the viewing right for the game-like video; and the viewing range of the viewing user with the sports ticket For all sports live rooms, the viewing users who have game tickets have the right to watch sports videos; the viewing rights of the viewing users with variety tickets are the variety live rooms, and the viewing users with game tickets have watched the variety videos. Permissions.
门票系统用于识别发送视频流地址请求的用户终端对应的观看用户是否有目标视频所属视频类型的门票,从而判断出观看用户是否对目标视频有观看权限。The ticket system is configured to identify whether the viewing user corresponding to the user terminal that sends the video stream address request has a ticket of the video type to which the target video belongs, thereby determining whether the viewing user has viewing rights to the target video.
接着,执行S102:如果用户终端对应的观看用户对目标视频有观看权限,向用户终端返回用于表征目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值。Next, executing S102: if the viewing user corresponding to the user terminal has the viewing right to the target video, returning, to the user terminal, a first Key value for characterizing the video type of the target video and a second for characterizing the permission range of the viewing user Key value.
在一实施例中,为了判断观看用户对目标视频是否有观看权限,视频流地址请求中携带有用户终端对应的观看用户的用户识别信息,比如:用户名和密码。服务器中存储有各个用户识别信息对应的权限范围,从而服务器根据用户识别信息与权限范围的对应关系,判别用户终端对应的观看用户是否对目标视频有观看权限。如果观看用户对目标视频没有观看权限,则服务器直接拒绝用户终端的视频流地址请求,不会向用户终端返回用于表征目标视频的视频类型的第一Key值和用于表征观看用户的权限范围的第二Key值。如果观看用户对目标视频有观看权限,则服务器向用户终端返回用于表征目标视频的视频类型 的第一Key值和用于表征观看用户的权限范围的第二Key值。In an embodiment, in order to determine whether the viewing user has the viewing right for the target video, the video stream address request carries the user identification information of the viewing user corresponding to the user terminal, such as a username and a password. The server stores the permission range corresponding to each user identification information, so that the server determines whether the viewing user corresponding to the user terminal has the viewing right for the target video according to the correspondence between the user identification information and the permission range. If the viewing user does not have the viewing right for the target video, the server directly rejects the video stream address request of the user terminal, and does not return to the user terminal the first Key value for characterizing the video type of the target video and the permission range for characterizing the viewing user. The second key value. If the viewing user has viewing rights to the target video, the server returns a video type for characterizing the target video to the user terminal. The first Key value and a second Key value used to characterize the scope of viewing of the viewing user.
在门票系统中有针对每个门票类型设置有一一对应的门票类KEY值,门票类KEY值与视频类型一一对应,门票类KEY值可以是一段随机的字符串,则第一Key值为一段代表目标视频的视频类型的字符串。比如,目标视频为体育类视频,则第一Key值具体为表征目标视频为体育类视频的字符串,比如,目标视频为游戏类视频,则第一Key值具体为表征目标视频为游戏类视频的字符串。In the ticket system, there is a corresponding one-to-one ticket class KEY value for each ticket type. The ticket class KEY value corresponds to the video type one by one, and the ticket class KEY value may be a random string, then the first key value is A string representing the video type of the target video. For example, if the target video is a sports video, the first key value is specifically a character string indicating that the target video is a sports video. For example, if the target video is a game video, the first key value is specifically to represent the target video as a game video. String.
针对目标视频为目标网络直播视频,则第二Key值包括观看用户的权限范围内的各个网络直播视频所属的直播类型识别码和所在的房间标识码。If the target video is the target network live video, the second key value includes the live broadcast type identification code and the room identification code of each live webcast video within the scope of the user's permission.
观看用户的权限范围内的各个网络直播视频所属的直播类型识别码和所在的房间标识码均输入MD5算法,运算得到第二KEY值:The live type identification code and the room identification code of each live webcast video in the user's permission range are input into the MD5 algorithm, and the second KEY value is obtained by the operation:
KEY2=MD5.create(roomid+type)KEY2=MD5.create(roomid+type)
其中,roomid为观看用户的权限范围内的各个网络直播视频所在的房间标识码,type为观看用户的权限范围内的各个网络直播视频所属的直播类型识别码。The roomid is the room identification code of each webcast live video within the scope of the user's permission, and the type is the live type identification code of each webcast live video within the scope of the user's permission.
在执行S102之后,接着,执行S103、接收到用户终端发送的基于第一Key值与第二Key值生成的针对目标视频的终端侧鉴权Key值时,向用户终端返回目标视频。After the execution of S102, the process proceeds to S103. When the terminal-side authentication key value for the target video generated based on the first key value and the second key value sent by the user terminal is received, the target video is returned to the user terminal.
具体的,针对目标视频的终端侧鉴权Key值,具体为用户终端根据如下方式生成:Specifically, the terminal-side authentication key value of the target video is specifically generated by the user terminal according to the following manner:
用户终端若接收到来自服务器的第一Key值和第二Key值,用户终端会基于第一Key值与第二Key值生成针对目标视频的终端侧鉴权Key值并发送给服务器。目标视频的视频类型、观看用户的权限范围作为视频流地址鉴权的KEY值,从而对于不同的视频类型、不同的权限范围都能得到不同的鉴权KEY值,而针对同一视频流地址的发送、接收方:即服务器和用户终端而言,生成的鉴权KEY值始终可以保持一致的,从而可以极大提高视频地址鉴权的准确性,避免被非法获取。If the user terminal receives the first key value and the second key value from the server, the user terminal generates a terminal side authentication key value for the target video based on the first key value and the second key value, and sends the value to the server. The video type of the target video and the permission range of the viewing user are used as the KEY value of the video stream address authentication, so that different authentication KEY values can be obtained for different video types and different permission ranges, and the same video stream address is sent. Receiver: The server and the user terminal can always maintain the same authentication KEY value, which can greatly improve the accuracy of video address authentication and avoid illegal acquisition.
进一步的,如果视频流地址请求中携带请求识别标识组,则基于第一Key值、第二Key值和请求识别标识组生成针对目标视频的终端侧鉴权Key值。Further, if the video stream address request carries the request identification identifier group, the terminal side authentication key value for the target video is generated based on the first key value, the second key value, and the request identification identifier group.
具体的,请求识别标识组包括表征用户终端发送视频流地址请求所在时刻的时间标识,以及如下至少一种用户终端的终端特征:观看用户登录服务器时的令牌(Token)、用户终端的唯一ID(UDID,Unique Device Identifier)、用户终端当前的IP地址。从而实行了视频流地址鉴权依赖于时间来计算,使得每次计算出来的视频流地址是不同的,因为时间的唯一性使得一个视频流地址只 能使用一次,所以当该观看用户请求到正确的视频流地址是无法给到别人使用,进一步提高了视频流地址的安全性。Specifically, the request identification identifier group includes a time identifier indicating a time when the user terminal sends the video stream address request, and a terminal feature of at least one type of user terminal: a token (Token) when the user logs in to the server, and a unique ID of the user terminal. (UDID, Unique Device Identifier), the current IP address of the user terminal. Therefore, the video stream address authentication is performed depending on the time, so that the calculated video stream address is different each time, because the uniqueness of time makes a video stream address only Can be used once, so when the viewing user requests the correct video stream address is not available to others, further improving the security of the video stream address.
需要说明的是,针对上述时间标识,可以依据系统时间确定终端发送视频流地址请求的时间是否合适。这种处理主要考虑的是,服务器的系统时间肯定是正确的,但是客户端的时间有可能黑客故意修改时间,以方便黑客破解视频流地址,时间参数可以起到很好的随机数据的作用,所以要保证时间的准确性。It should be noted that, for the foregoing time identifier, whether the time for the terminal to send the video stream address request is appropriate may be determined according to the system time. The main consideration of this kind of processing is that the server's system time is definitely correct, but the client's time may be that the hacker deliberately modifies the time to facilitate the hacker to crack the video stream address. The time parameter can play a good role in random data, so To ensure the accuracy of time.
具体的,对于终端发送的时间标识,服务器会获取服务器系统的时间,来判断客户端上报的时间是否和服务器时间相差非常小(例如通过设置一个上报时间阈值),如果相差非常小,说明客户端上报时间是正确的,否则客户端上报的时间是错误的,否则拒绝客户端视频流地址请求。Specifically, for the time identifier sent by the terminal, the server obtains the time of the server system to determine whether the time reported by the client is very different from the server time (for example, by setting a reporting time threshold), if the difference is very small, the client is The reporting time is correct, otherwise the time reported by the client is wrong, otherwise the client video stream address request is rejected.
因此,在一个优选方式中,上述方法还包括步骤:获取服务器系统时间;以所述系统时间为基准,判断所述时间标识表征的所述用户终端发送所述视频流地址请求的时间与所述系统时间相差是否在预设的上报时间阈值之内,如果是,则确定所述视频流地址请求的上报时间正确,否则,确定所述视频流地址请求的上报时间错误,拒绝所述视频流地址请求。Therefore, in a preferred mode, the method further includes the steps of: acquiring a server system time; determining, by using the system time, a time that the user terminal that is characterized by the time identifier sends the video stream address request and the Whether the system time difference is within a preset reporting time threshold, and if yes, determining that the reporting time of the video stream address request is correct; otherwise, determining that the reporting time of the video stream address request is incorrect, rejecting the video stream address request.
还需要说明的是,如果目标视频为目标网络直播视频,则视频流地址请求中携带的请求识别标识组还包括目标网络直播视频的房间标识码,进一步提高网络直播视频的视频流地址安全性。It should be noted that, if the target video is the target network live video, the request identification identifier group carried in the video stream address request further includes the room identification code of the target network live video, thereby further improving the video stream address security of the webcast video.
为了验证接收到的鉴权Key值是该用户终端发送的基于第一Key值与所述第二Key值生成的针对目标视频的终端侧鉴权Key值,而不是来自其他终端的鉴权Key值,服务器侧提供了如下实施过程:In order to verify that the received authentication key value is a terminal-side authentication key value for the target video generated by the user terminal based on the first key value and the second key value, instead of the authentication key value from other terminals. The server side provides the following implementation process:
服务器基于第一Key值、第二Key值和请求识别标识组生成针对目标视频的服务器侧鉴权Key值;将接收到的鉴权Key值分别与针对目标视频的服务器侧鉴权Key值进行对比是否一致;如果一致,表征接收到的鉴权Key值为该用户终端发送的基于第一Key值与第二Key值生成的针对目标视频的终端侧鉴权Key值,则服务器向用户终端返回目标视频;如果不一致,表征接收到的鉴权Key值为其他终端发送,则拒绝下发目标视频。The server generates a server-side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group, and compares the received authentication key value with the server-side authentication key value for the target video. Whether it is consistent; if it is consistent, the received authentication key value is a terminal-side authentication key value for the target video generated by the user terminal based on the first key value and the second key value, and the server returns the target to the user terminal. Video; if it is inconsistent, the received authentication key value is sent by other terminals, and the target video is rejected.
具体的,例如,服务器侧执行生成服务器侧鉴权Key值的方式为结合MD5(消息摘要算法)算法与RSA加密算法的实施方式:Specifically, for example, the manner in which the server side performs the generation of the server-side authentication key value is an implementation manner of combining the MD5 (message digest algorithm) algorithm and the RSA encryption algorithm:
首先,将第一Key值与第二Key值输入MD5算法,以运算得到中间Key值:First, the first Key value and the second Key value are input into the MD5 algorithm to obtain an intermediate Key value:
NewKey=MD5.Create(KEY1+KEY2)NewKey=MD5.Create(KEY1+KEY2)
其中,NewKey为中间Key值,KEY1为第一Key值,KEY2为第二Key值。Among them, NewKey is the intermediate Key value, KEY1 is the first Key value, and KEY2 is the second Key value.
接着,将中间Key值和请求识别标识组输入RSA加密算法,以运算得到针对目标视频的服务器侧鉴权Key值: Then, the intermediate key value and the request identification identifier group are input into the RSA encryption algorithm to calculate the server side authentication key value for the target video:
KEY=RSA.encrypt(Token+Roomid+ID+IP+Time,NewKey);KEY=RSA.encrypt(Token+Roomid+ID+IP+Time, NewKey);
其中,Time参数为用户终端发送视频流地址请求的时间标识,Token参数为观看用户登录服务器时的令牌、ID参数为用户终端的唯一ID(UDID,Unique Device Identifier)、IP参数为用户终端当前的IP地址。The time parameter is the time identifier of the user terminal to send the video stream address request, the Token parameter is the token when the user logs in to the server, the ID parameter is the unique ID of the user terminal (UDID, Unique Device Identifier), and the IP parameter is the current state of the user terminal. IP address.
本发明实施例以RSA加密算法为例,但是还可以采用其他的非对称加密算法,如椭圆曲线算法等。RSA加密算法是一种非对称加密算法,RSA算法的特点是,可以生成一对公钥和私钥(公钥和私钥是唯一配对的,如果数据使用公钥加密,那么只有私钥才能解密出原始数据),在服务器会将第一Key值发送到客户端,服务器通过RSA算法则可以依据这个第一Key值(做为RSA的公钥)生成一个私钥Key(并存储此私钥,后续终端上报终端特征时会用到),终端收到服务器的第一Key值后,在上报终端的终端特征时,会将终端的特征(令牌、ID、IP等)使用RSA算法来加密,服务器收到上报数据后,使用RSA生成的私钥来解密)。这样处理的好处是,将终端上报的信息进行加密,保障终端上报数据的安全性,同时使用的RSA算法来加密,所以黑客即使截取到信息没有私钥也无法解密,因为私钥只有服务器有存储。The RSA encryption algorithm is taken as an example in the embodiment of the present invention, but other asymmetric encryption algorithms, such as an elliptic curve algorithm, may also be used. The RSA encryption algorithm is an asymmetric encryption algorithm. The RSA algorithm is characterized by the ability to generate a pair of public and private keys (the public and private keys are uniquely paired. If the data is encrypted with a public key, only the private key can be decrypted. Out of the original data, the server will send the first key value to the client, and the server can generate a private key Key according to the first key value (as the public key of the RSA) through the RSA algorithm (and store the private key, The subsequent terminal reports the characteristics of the terminal. When the terminal receives the first key value of the server, when the terminal features of the terminal are reported, the characteristics of the terminal (token, ID, IP, etc.) are encrypted by using the RSA algorithm. After receiving the reported data, the server uses the private key generated by RSA to decrypt it. The advantage of this processing is that the information reported by the terminal is encrypted to ensure the security of the data reported by the terminal, and the RSA algorithm is used to encrypt, so the hacker cannot decrypt even if the information is intercepted without the private key, because the private key is only stored by the server. .
另外,在一个优选方式中,服务器将第一Key值和第二Key值发送给终端的同时,服务器还会生成一个随机数(客户端每次请求都会重新生成),也发送给终端,此随机数会和终端特征一起计算得到最终的鉴权Key值,增加此随机数的好处是,由于时间参数一个维度不能完全保障计算的值总是变化的,因为时间数据是有规律的,所以在此增加一个服务器下发一个随机数,那么从而进一步的加强了最终生成的鉴权Key值的随机性。In addition, in a preferred mode, the server sends the first key value and the second key value to the terminal, and the server also generates a random number (the client regenerates each request) and sends the same to the terminal. The number will be calculated together with the terminal characteristics to obtain the final authentication key value. The advantage of increasing this random number is that the time value cannot be completely guaranteed because one dimension of the time parameter always changes, because the time data is regular, so here Adding a server to send a random number further strengthens the randomness of the finally generated authentication key value.
如前描述的,当服务器仅向终端返回第一Key值和第二Key值时,鉴权Key值的计算为:As described above, when the server returns only the first Key value and the second Key value to the terminal, the calculation of the authentication Key value is:
KEY=RSA.encrypt(Token+Roomid+ID+IP+Time,NewKey)KEY=RSA.encrypt(Token+Roomid+ID+IP+Time, NewKey)
那么,在服务器向终端返回第一Key值、第二Key值以及随机数的情况下,鉴权Key值的计算变化为:Then, when the server returns the first key value, the second key value, and the random number to the terminal, the calculation change of the authentication key value is:
KEY=RSA.encrypt(Token+Roomid+ID+IP+Time+Random,NewKey)KEY=RSA.encrypt(Token+Roomid+ID+IP+Time+Random, NewKey)
后续其他地方也都相应的要加上Random。服务器和终端都在计算最终的鉴权Key时都会加上这个随机数一起计算。此随机数有服务器下发是因为通常都认为服务器肯定是安全的。In the rest of the follow-up, it is also necessary to add Random. Both the server and the terminal are added together with the random number when calculating the final authentication key. This random number is sent by the server because it is generally considered that the server is definitely safe.
例如,所述基于所述第一Key值、所述第二Key值、所述随机数和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值,包括:将所述第一Key值、所述第二Key值、所述随机数输入MD5算法,以运算得到中间Key值;将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到 针对所述目标视频的服务器侧鉴权Key值。基于同一发明构思,本发明实施例提供了一种视频请求方法,与前述视频播放方法对应,应用于用户终端,参考图2所示,该视频请求方法包括:For example, the generating, by the first key value, the second key value, the random number, and the request identification identifier group, a server side authentication key value for the target video, including: a Key value, the second Key value, and the random number input MD5 algorithm, to obtain an intermediate Key value; and input the intermediate Key value and the request identification identifier group into an RSA encryption algorithm, to obtain an operation A server side authentication key value for the target video. Based on the same inventive concept, an embodiment of the present invention provides a video requesting method, which is applied to a user terminal corresponding to the foregoing video playing method. Referring to FIG. 2, the video requesting method includes:
S201、向服务器发送针对目标视频的视频流地址请求;S201. Send a video stream address request for the target video to the server.
S202、接收服务器返回的用于表征目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值;S202. Receive a first Key value returned by the server for characterizing a video type of the target video, and a second Key value used to represent a permission range of the viewing user.
S203、根据第一Key值与第二Key值生成针对目标视频的终端侧鉴权Key值并发送给服务器,以使服务器接收到针对目标视频的终端侧鉴权Key值时向用户终端返回目标视频;S203. Generate a terminal-side authentication key value for the target video according to the first key value and the second key value, and send the value to the server, so that the server returns the target video to the user terminal when receiving the terminal-side authentication key value for the target video. ;
S204、从服务器接收目标视频。S204. Receive a target video from a server.
在本发明实施例中,S203包括如下细化步骤:In the embodiment of the present invention, S203 includes the following refinement steps:
基于所述第一Key值、第二Key值和请求识别标识组生成针对所述目标视频的终端侧鉴权Key值。Generating a terminal side authentication key value for the target video based on the first Key value, the second Key value, and the request identification identifier group.
具体的,生成针对所述目标视频的终端侧鉴权Key值的实施方式,具体为:Specifically, an implementation manner of generating a terminal-side authentication key value for the target video is specifically:
将所述第一Key值与所述第二Key值输入MD5算法,以运算得到中间Key值;Inputting the first key value and the second key value into the MD5 algorithm to obtain an intermediate key value;
将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的终端侧鉴权Key值。And inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a terminal side authentication key value for the target video.
具体的,所述视频流地址请求中携带的请求识别标识组,包括:表征所述用户终端发送所述视频流地址请求所在时刻的时间标识,以及如下至少一种所述用户终端的终端特征:所述观看用户登录所述服务器时的令牌、所述用户终端的唯一ID、所述用户终端当前的IP地址。Specifically, the request identification identifier group carried in the video stream address request includes: a time identifier indicating a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal as follows: The token when the user logs in to the server, the unique ID of the user terminal, and the current IP address of the user terminal are viewed.
具体的,如果所述目标视频为目标网络直播视频,则所述请求识别标识组还包括所述目标网络直播视频所在的房间标识码,第二Key值包括所述观看用户的权限范围内的各个网络直播视频的视频类型识别码和所在的房间标识码。Specifically, if the target video is a target network live video, the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes each part of the viewing user's permission range. The video type identifier of the live webcast video and the room identification code.
由于本视频请求方法实施例与前述视频播放方法实施中的技术特征对应,故而基于本发明所介绍的视频播放方法,本领域所属人员能够了解该视频请求装置的实现方式,故而在此不再赘述。The embodiment of the present video request method corresponds to the technical features in the implementation of the foregoing video playing method. Therefore, based on the video playing method introduced by the present invention, those skilled in the art can understand the implementation manner of the video requesting device, and thus will not be described herein. .
另外,在一个优选方式中,服务器将第一Key值和第二Key值发送给终端的同时,服务器还会生成一个随机数(客户端每次请求都会重新生成),也发送给终端,此随机数会和终端特征一起计算得到最终的鉴权Key值,增加此随机数的好处是,由于时间参数一个维度不能完全保障计算的值总是变化的,因为时间数据是有规律的,所以在此增加一个服务器下发一个随机数,那么从而进一步的加强了最终生成的鉴权Key值的随机性。 In addition, in a preferred mode, the server sends the first key value and the second key value to the terminal, and the server also generates a random number (the client regenerates each request) and sends the same to the terminal. The number will be calculated together with the terminal characteristics to obtain the final authentication key value. The advantage of increasing this random number is that the time value cannot be completely guaranteed because one dimension of the time parameter always changes, because the time data is regular, so here Adding a server to send a random number further strengthens the randomness of the finally generated authentication key value.
基于同一发明构思,本发明实施例提供了一种实施前述视频播放方法的视频播放装置,应用于服务器,参考图3所示,所述视频播放装置包括:Based on the same inventive concept, an embodiment of the present invention provides a video playing device for implementing the foregoing video playing method, which is applied to a server. Referring to FIG. 3, the video playing device includes:
地址请求接收模块301,用于接收用户终端发送的针对目标视频的视频流地址请求;The address request receiving module 301 is configured to receive a video stream address request for the target video sent by the user terminal;
Key值发送模块302,用于如果所述用户终端对应的观看用户对所述目标视频有观看权限,向所述用户终端返回用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值;The Key value sending module 302 is configured to: if the viewing user corresponding to the user terminal has the viewing right to the target video, return a first Key value for characterizing the video type of the target video to the user terminal, and Characterizing a second Key value of the range of rights of the viewing user;
视频返回模块303,用于接收到所述用户终端发送的基于所述第一Key值与所述第二Key值生成的针对所述目标视频的终端侧鉴权Key值时,向所述用户终端返回所述目标视频。a video returning module 303, configured to receive, by the user terminal, a terminal-side authentication key value for the target video generated by the first key value and the second key value, to the user terminal Return to the target video.
在本发明实施例中,如果所述视频流地址请求中携带有所述观看用户的用户识别信息,所述装置还包括:In the embodiment of the present invention, if the video stream address request carries the user identification information of the viewing user, the device further includes:
权限判别模块,用于根据所述用户识别信息与所述权限范围的对应关系,判别所述观看用户是否对所述目标视频有观看权限。The authority discriminating module is configured to determine, according to the correspondence between the user identification information and the permission range, whether the viewing user has viewing rights to the target video.
在本发明实施例中,如果所述视频流地址请求中携带有请求识别标识组,所述装置还包括:In the embodiment of the present invention, if the video stream address request carries the request identification identifier group, the device further includes:
鉴权Key值生成模块,用于基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值;An authentication key value generating module, configured to generate a server side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group;
鉴权Key值对比模块,用于将接收到的鉴权Key值分别与针对所述目标视频的服务器侧鉴权Key值进行对比是否一致,如果一致,表征接收到的鉴权Key值为针对所述目标视频的终端侧鉴权Key值。The authentication key value comparison module is configured to compare the received authentication key value with the server-side authentication key value of the target video, and if yes, the received authentication key value is The terminal side authentication key value of the target video.
在本发明实施例中,所述鉴权Key值生成模块,具体用于:In the embodiment of the present invention, the authentication key value generating module is specifically configured to:
将所述第一Key值与所述第二Key值输入MD5算法,以运算得到中间Key值;Inputting the first key value and the second key value into the MD5 algorithm to obtain an intermediate key value;
将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的服务器侧鉴权Key值。And inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a server side authentication key value for the target video.
在本发明实施例中,所述请求识别标识组,包括:In the embodiment of the present invention, the request identifying the identifier group includes:
表征所述用户终端发送所述视频流地址请求所在时刻的时间标识,以及如下至少一种所述用户终端的终端特征:所述观看用户登录所述服务器时的令牌、所述用户终端的唯一ID、所述用户终端当前的IP地址。Characterizing a time identifier of a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal: a token when the viewing user logs in to the server, and a uniqueness of the user terminal ID, the current IP address of the user terminal.
在本发明实施例中,如果所述目标视频为目标网络直播视频,则所述请求识别标识组还包括所述目标网络直播视频所在的房间标识码,所述第二Key值包括所述观看用户的权限范围内的各个网络直播视频所属的直播类型识别码和所在的房间标识码。 In the embodiment of the present invention, if the target video is a target network live video, the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes the viewing user. The live type identification code and the room identification code of each webcast live video within the scope of the permission.
另外,在一个优选方式中,服务器将第一Key值和第二Key值发送给终端的同时,服务器还会生成一个随机数(客户端每次请求都会重新生成),也发送给终端,此随机数会和终端特征一起计算得到最终的鉴权Key值,增加此随机数的好处是,由于时间参数一个维度不能完全保障计算的值总是变化的,因为时间数据是有规律的,所以在此增加一个服务器下发一个随机数,那么从而进一步的加强了最终生成的鉴权Key值的随机性。In addition, in a preferred mode, the server sends the first key value and the second key value to the terminal, and the server also generates a random number (the client regenerates each request) and sends the same to the terminal. The number will be calculated together with the terminal characteristics to obtain the final authentication key value. The advantage of increasing this random number is that the time value cannot be completely guaranteed because one dimension of the time parameter always changes, because the time data is regular, so here Adding a server to send a random number further strengthens the randomness of the finally generated authentication key value.
由于本视频播放装置为实施本发明实施例前述视频播放方法所采用的装置,故而基于本发明所介绍的视频播放方法,本领域所属人员能够了解该视频播放装置的具体结构及变形,故而在此不再赘述。凡是本发明视频播放方法所采用的装置都属于本发明所欲保护的范围。The video playback device is a device for implementing the foregoing video playback method according to the embodiment of the present invention. Therefore, based on the video playback method introduced by the present invention, those skilled in the art can understand the specific structure and deformation of the video playback device, and thus No longer. Any device used in the video playing method of the present invention is within the scope of the present invention.
基于同一发明构思,本发明实施例还提供了一种实施前述视频请求方法的视频请求装置,应用于用户终端,参考图4所示,所述视频请求装置包括:Based on the same inventive concept, an embodiment of the present invention further provides a video requesting apparatus for implementing the foregoing video requesting method, which is applied to a user terminal. Referring to FIG. 4, the video requesting apparatus includes:
地址请求发送模块401,用于向服务器发送针对目标视频的视频流地址请求;An address request sending module 401, configured to send a video stream address request for the target video to the server;
Key值接收模块402,用于接收所述服务器返回的用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值;The Key value receiving module 402 is configured to receive a first Key value returned by the server for characterizing a video type of the target video and a second Key value used to represent a permission range of the viewing user;
鉴权Key值获取模块403,用于根据所述第一Key值与所述第二Key值生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,以使所述服务器接收到针对所述目标视频的终端侧鉴权Key值时向所述用户终端返回所述目标视频;The authentication key value obtaining module 403 is configured to generate a terminal side authentication key value for the target video according to the first key value and the second key value, and send the value to the server, so that the server receives Returning the target video to the user terminal when the terminal side authentication key value is used for the target video;
视频接收模块404,用于从所述服务器接收所述目标视频。The video receiving module 404 is configured to receive the target video from the server.
在本发明实施例中,如果所述视频流地址请求中携带有请求识别标识组,所述鉴权Key值获取模块403,包括:In the embodiment of the present invention, if the video stream address request carries the request identification identifier group, the authentication key value obtaining module 403 includes:
鉴权Key值生成单元,用于基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的终端侧鉴权Key值;The authentication key value generating unit is configured to generate a terminal side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group;
鉴权Key值发送单元,用于将针对所述目标视频的终端侧鉴权Key值发送给所述服务器。The authentication key value sending unit is configured to send the terminal side authentication key value for the target video to the server.
在本发明实施例中,所述鉴权Key值生成单元,具体用于:In the embodiment of the present invention, the authentication key value generating unit is specifically configured to:
将所述第一Key值与所述第二Key值输入MD5算法,以运算得到中间Key值;Inputting the first key value and the second key value into the MD5 algorithm to obtain an intermediate key value;
将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的终端侧鉴权Key值。And inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a terminal side authentication key value for the target video.
在本发明实施例中,所述视频流地址请求中携带的请求识别标识组,包括:In the embodiment of the present invention, the request identification identifier group carried in the video stream address request includes:
表征所述用户终端发送所述视频流地址请求所在时刻的时间标识,以及如 下至少一种所述用户终端的终端特征:所述观看用户登录所述服务器时的令牌、所述用户终端的唯一ID、所述用户终端当前的IP地址。Characterizing a time identifier of the time at which the user terminal sends the video stream address request, and At least one terminal feature of the user terminal: the token when the user logs in to the server, the unique ID of the user terminal, and the current IP address of the user terminal.
在本发明实施例中,如果所述目标视频为目标网络直播视频,则所述请求识别标识组还包括所述目标网络直播视频所在的房间标识码,第二Key值包括所述观看用户的权限范围内的各个网络直播视频的视频类型识别码和所在的房间标识码。In the embodiment of the present invention, if the target video is a target network live video, the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes the rights of the viewing user. The video type identification code and the room identification code of each webcast video in the range.
另外,在一个优选方式中,服务器将第一Key值和第二Key值发送给终端的同时,服务器还会生成一个随机数(客户端每次请求都会重新生成),也发送给终端,此随机数会和终端特征一起计算得到最终的鉴权Key值,增加此随机数的好处是,由于时间参数一个维度不能完全保障计算的值总是变化的,因为时间数据是有规律的,所以在此增加一个服务器下发一个随机数,那么从而进一步的加强了最终生成的鉴权Key值的随机性。In addition, in a preferred mode, the server sends the first key value and the second key value to the terminal, and the server also generates a random number (the client regenerates each request) and sends the same to the terminal. The number will be calculated together with the terminal characteristics to obtain the final authentication key value. The advantage of increasing this random number is that the time value cannot be completely guaranteed because one dimension of the time parameter always changes, because the time data is regular, so here Adding a server to send a random number further strengthens the randomness of the finally generated authentication key value.
由于本视频请求装置为实施本发明实施例前述视频请求方法所采用的电子设备,故而基于本发明视频请求方法实施例所介绍的方法,本领域所属人员能够了解该视频请求装置的具体结构及变形,故而在此不再赘述。凡是本发明视频请求方法所采用的装置都属于本发明所欲保护的范围。The present video requesting device is an electronic device used in the foregoing video requesting method according to the embodiment of the present invention. Therefore, those skilled in the art can understand the specific structure and deformation of the video requesting device based on the method described in the video requesting method embodiment of the present invention. Therefore, it will not be repeated here. The apparatus used in the video request method of the present invention is within the scope of the present invention.
通过上述本发明提供的技术方案,至少具有如下技术效果或优点:The technical solution provided by the above invention has at least the following technical effects or advantages:
通过本发明提供的技术方案:接收用户终端发送的针对目标视频的视频流地址请求时;如果用户终端对应的观看用户对所述目标视频有观看权限,向用户终端返回用于表征目标视频的视频类型的第一Key值和用于表征观看用户的权限范围的第二Key值;接收到用户终端发送的基于第一Key值与第二Key值生成的针对目标视频的终端侧鉴权Key值时向述用户终端返回目标视频。可见是根据目标视频的视频类型、观看用户的权限范围进行视频流地址进行鉴权验证,从而对于目标视频的类型不同、观看用户的权限范围不同,都会计算出不同的服务器侧和终端侧的用于对视频流地址进行鉴权的鉴权KEY值,服务器只针对基于第一、二KEY值生成了鉴权KEY值的用户终端返回请求的目标视频,因此只有真正有对目标视频有观看权限的用户才能从服务器获取到目标视频,否则服务器会拒绝下发目标视频。从而极大加强了对视频流地址鉴权的准确性,能够避免视频流地址被非法获取,因此提高了视频流地址的安全性。The technical solution provided by the present invention is: receiving a video stream address request for a target video sent by a user terminal; and if the viewing user corresponding to the user terminal has viewing rights to the target video, returning a video for characterizing the target video to the user terminal a first Key value of the type and a second Key value for characterizing a permission range of the viewing user; receiving the terminal-side authentication Key value for the target video generated by the user terminal based on the first Key value and the second Key value Return the target video to the user terminal. It can be seen that the video stream address is authenticated according to the video type of the target video and the permission range of the viewing user, so that different types of the target video and different viewing rights of the viewing user are calculated, and different server side and terminal side are calculated. For the authentication KEY value for authenticating the video stream address, the server only returns the requested target video for the user terminal that generates the authentication KEY value based on the first and second KEY values, so only the viewing rights of the target video are actually available. The user can obtain the target video from the server, otherwise the server will refuse to deliver the target video. Therefore, the accuracy of authenticating the video stream address is greatly enhanced, and the video stream address can be prevented from being illegally acquired, thereby improving the security of the video stream address.
在一个优选方案中,服务器在将第一Key值和第二Key值发送给终端基础上,同时服务器还会生成一个随机数(客户端每次请求都会重新生成),也发送给终端,此随机数会和终端特征一并计算得到最终的鉴权Key值,增加此随机数的好处是,由于时间参数一个维度不能完全保障计算的值总是变化的,因为时间数据是有规律的,所以在此增加一个随机数,那么从而进一步的加强了 最终生成的鉴权Key值的随机性。In a preferred solution, the server sends the first key value and the second key value to the terminal, and the server also generates a random number (the client regenerates each request) and sends the same to the terminal. The number and the terminal feature are combined to calculate the final authentication key value. The advantage of increasing the random number is that the time value cannot be completely guaranteed because one dimension of the time parameter always changes, because the time data is regular, so This adds a random number, which further strengthens The randomness of the final generated authentication key value.
进一步的,通过视频流地址请求中携带有请求识别标识组,包括用户终端发送视频流地址请求所在时刻的时间标识,从而生成的服务器侧和终端侧的鉴权KEY值均依赖于不具重复性和复制性的时间标识,使得进一步确保了每次计算出来的鉴权KEY值不会被模仿,所以当一个观看用户请求到正确地址后是无法给其他观看用户使用的,因为一个视频流地址只能使用一次。Further, the video stream address request carries the request identification identifier group, including the time identifier of the time when the user terminal sends the video stream address request, so that the generated authentication KEY values of the server side and the terminal side are dependent on non-repetitiveness and The reproducible time identifier further ensures that the calculated authentication KEY value will not be imitated every time, so when a viewing user requests the correct address, it cannot be used by other viewing users because a video stream address can only be used. Use once.
本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (system), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine for the execution of instructions for execution by a processor of a computer or other programmable data processing device. Means for implementing the functions specified in one or more of the flow or in a block or blocks of the flow chart.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device. The apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. The instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
尽管已描述了本发明的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例作出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本发明范围的所有变更和修改。While the preferred embodiment of the invention has been described, it will be understood that Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and the modifications and
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。 It is apparent that those skilled in the art can make various modifications and variations to the invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and modifications of the invention

Claims (10)

  1. 一种视频播放方法,应用于服务器,其特征在于,所述方法包括:A video playing method is applied to a server, wherein the method includes:
    接收用户终端发送的针对目标视频的视频流地址请求;Receiving a video stream address request for the target video sent by the user terminal;
    如果所述用户终端对应的观看用户对所述目标视频有观看权限,向所述用户终端返回用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值,或者,向所述用户终端返回用于表征所述目标视频的视频类型的第一Key值、用于表征所述观看用户的权限范围的第二Key值以及随机数;Returning, to the user terminal, a first Key value for characterizing a video type of the target video and a permission range for characterizing the viewing user, if a viewing user corresponding to the user terminal has viewing rights to the target video a second Key value, or returning, to the user terminal, a first Key value for characterizing a video type of the target video, a second Key value for characterizing a permission range of the viewing user, and a random number;
    接收到所述用户终端发送的基于所述第一Key值与所述第二Key值生成的针对所述目标视频的终端侧鉴权Key值时,或者,接收到所述用户终端发送的基于所述第一Key值、所述第二Key值以及所述随机数生成的针对所述目标视频的终端侧鉴权Key值时,向所述用户终端返回所述目标视频。Receiving, by the user terminal, a terminal-side authentication key value for the target video generated based on the first key value and the second key value, or receiving a base station sent by the user terminal When the first key value, the second key value, and the terminal-side authentication key value generated by the random number for the target video are generated, the target video is returned to the user terminal.
  2. 如权利要求1所述的视频播放方法,其特征在于,如果所述视频流地址请求中携带有所述观看用户的用户识别信息,所述方法还包括:The video playing method according to claim 1, wherein if the video stream address request carries the user identification information of the viewing user, the method further includes:
    根据所述用户识别信息与所述权限范围的对应关系,判别所述观看用户是否对所述目标视频有观看权限。Determining whether the viewing user has viewing rights to the target video according to the correspondence between the user identification information and the permission range.
  3. 如权利要求1所述的视频播放方法,其特征在于,如果所述视频流地址请求中携带有请求识别标识组,在所述接收用户终端发送的针对目标视频的视频流地址请求之后,所述方法还包括:The video playing method according to claim 1, wherein if the video stream address request carries a request identification identifier group, after the receiving user terminal sends a video stream address request for the target video, the The method also includes:
    基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值,或者,基于所述第一Key值、所述第二Key值、所述随机数和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值;Generating a server side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group, or based on the first key value and the second key a value, the random number, and the request identification identifier group generate a server side authentication key value for the target video;
    将接收到的鉴权Key值分别与针对所述目标视频的服务器侧鉴权Key值进行对比是否一致;Comparing the received authentication key values with the server-side authentication key values for the target video respectively;
    如果一致,表征接收到的鉴权Key值为针对所述目标视频的终端侧鉴权Key值。If consistent, the received authentication key value is a terminal-side authentication key value for the target video.
  4. 如权利要求3所述的视频播放方法,其特征在于,A video playing method according to claim 3, characterized in that
    所述基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值,包括:将所述第一Key值与所述第二Key值输入MD5算法,以运算得到中间Key值;将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的服务器侧鉴权Key值;或者,And generating the server-side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group, including: the first key value and the first Entering the MD5 algorithm to calculate an intermediate key value, and inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a server side authentication key value for the target video; or
    所述基于所述第一Key值、所述第二Key值、所述随机数和所述请求识别 标识组生成针对所述目标视频的服务器侧鉴权Key值,包括:将所述第一Key值、所述第二Key值、所述随机数输入MD5算法,以运算得到中间Key值;将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的服务器侧鉴权Key值。The identifying based on the first Key value, the second Key value, the random number, and the request The identifier group generates a server-side authentication key value for the target video, including: inputting the first key value, the second key value, and the random number into an MD5 algorithm to obtain an intermediate key value; The intermediate key value and the request identification identifier group input an RSA encryption algorithm to obtain a server side authentication key value for the target video.
  5. 如权利要求3或4所述的视频播放方法,其特征在于,所述请求识别标识组,包括:The video playing method according to claim 3 or 4, wherein the requesting the identification of the identification group comprises:
    表征所述用户终端发送所述视频流地址请求所在时刻的时间标识,以及如下至少一种所述用户终端的终端特征:所述观看用户登录所述服务器时的令牌、所述用户终端的唯一ID、所述用户终端当前的IP地址。Characterizing a time identifier of a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal: a token when the viewing user logs in to the server, and a uniqueness of the user terminal ID, the current IP address of the user terminal.
  6. 如权利要求5所述的视频播放方法,其特征在于,还包括:The video playing method of claim 5, further comprising:
    获取服务器系统时间;Obtain server system time;
    以所述系统时间为基准,判断所述时间标识表征的所述用户终端发送所述视频流地址请求的时间与所述系统时间相差是否在预设的上报时间阈值之内,如果是,则确定所述视频流地址请求的上报时间正确,否则,确定所述视频流地址请求的上报时间错误,拒绝所述视频流地址请求。Determining, by using the system time, whether the time that the user terminal is configured to send the video stream address request and the system time is within a preset reporting time threshold, and if yes, determining The reporting time of the video stream address request is correct. Otherwise, the reporting time of the video stream address request is determined to be incorrect, and the video stream address request is rejected.
  7. 如权利要求5所述的视频播放方法,其特征在于,如果所述目标视频为目标网络直播视频,则所述请求识别标识组还包括所述目标网络直播视频所在的房间标识码,所述第二Key值包括所述观看用户的权限范围内的各个网络直播视频所属的直播类型识别码和所在的房间标识码。The video playing method according to claim 5, wherein if the target video is a target network live video, the request identification identifier group further includes a room identification code of the target network live video, where the The second Key value includes a live type identification code and a room identification code of each live webcast video in the scope of the viewing user's rights.
  8. 一种视频请求方法,应用于用户终端,其特征在于,包括:A video request method is applied to a user terminal, and includes:
    向服务器发送针对目标视频的视频流地址请求;Sending a video stream address request for the target video to the server;
    接收所述服务器返回的用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值;或者,接收所述服务器返回的用于表征所述目标视频的视频类型的第一Key值、用于表征所述观看用户的权限范围的第二Key值以及随机数;Receiving, by the server, a first Key value for characterizing a video type of the target video and a second Key value for characterizing a permission range of the viewing user; or receiving a representation for returning by the server a first Key value of a video type of the target video, a second Key value for characterizing a permission range of the viewing user, and a random number;
    根据所述第一Key值与所述第二Key值生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,或者,根据所述第一Key值、所述第二Key值以及所述随机数生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,以使所述服务器接收到针对所述目标视频的终端侧鉴权Key值时向所述用户终端返回所述目标视频;Generating, by the first key value and the second key value, a terminal-side authentication key value for the target video, and sending the value to the server, or according to the first key value and the second key value. And generating, by the random number, a terminal side authentication key value for the target video, and sending the value to the server, so that the server receives the terminal side authentication key value for the target video to the user terminal Returning the target video;
    从所述服务器接收所述目标视频。Receiving the target video from the server.
  9. 如权利要求8所述的视频请求方法,其特征在于,如果所述视频流地址请求中携带有请求识别标识组;The video request method according to claim 8, wherein the video stream address request carries a request identification identifier group;
    所述根据所述第一Key值与所述第二Key值生成针对所述目标视频的终端 侧鉴权Key值并发送给所述服务器,包括:基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的终端侧鉴权Key值;将针对所述目标视频的终端侧鉴权Key值发送给所述服务器;Generating, according to the first Key value and the second Key value, a terminal for the target video And the side authentication key value is sent to the server, including: generating a terminal side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group; Sending, to the server, a terminal side authentication key value of the target video;
    或者,所述根据所述第一Key值、所述第二Key值以及所述随机数生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,包括:基于所述第一Key值、所述第二Key值、所述随机数和所述请求识别标识组生成针对所述目标视频的终端侧鉴权Key值;将针对所述目标视频的终端侧鉴权Key值发送给所述服务器。10、一种视频播放装置,应用于服务器,其特征在于,所述视频播放装置包括:Or generating, by the first key value, the second key value, and the random number, a terminal side authentication key value for the target video and sending the value to the server, including: a key value, the second key value, the random number, and the request identification identifier group generate a terminal side authentication key value for the target video; and send a terminal side authentication key value for the target video to The server. A video playback device, applied to a server, wherein the video playback device comprises:
    地址请求接收模块,用于接收用户终端发送的针对目标视频的视频流地址请求;An address request receiving module, configured to receive a video stream address request for the target video sent by the user terminal;
    Key值发送模块,用于如果所述用户终端对应的观看用户对所述目标视频有观看权限,向所述用户终端返回用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值,或者向所述用户终端返回用于表征所述目标视频的视频类型的第一Key值、用于表征所述观看用户的权限范围的第二Key值以及随机数;a Key value sending module, configured to return, to the user terminal, a first Key value for characterizing a video type of the target video and for characterization if a viewing user corresponding to the user terminal has viewing rights to the target video Viewing a second Key value of the user's permission range, or returning to the user terminal a first Key value for characterizing the video type of the target video, and a second key for characterizing the permission range of the viewing user Value and random number;
    视频返回模块,用于接收到所述用户终端发送的基于所述第一Key值与所述第二Key值生成的针对所述目标视频的终端侧鉴权Key值时,或者用于接收到所述用户终端发送的基于所述第一Key值、所述第二Key值与所述随机数生成的针对所述目标视频的终端侧鉴权Key值时,向所述用户终端返回所述目标视频。a video returning module, configured to receive, when used by the user terminal, a terminal-side authentication key value for the target video generated by using the first key value and the second key value, or for receiving a location Returning the target video to the user terminal when the terminal-side authentication key value for the target video generated by the user terminal is generated based on the first key value, the second key value, and the random number .
  10. 一种视频请求装置,应用于用户终端,其特征在于,所述视频请求装置包括:A video requesting device is applied to a user terminal, wherein the video requesting device includes:
    地址请求发送模块,用于向服务器发送针对目标视频的视频流地址请求;An address request sending module, configured to send a video stream address request for the target video to the server;
    Key值接收模块,用于接收所述服务器返回的用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值,或者用于接收所述服务器返回的用于表征所述目标视频的视频类型的第一Key值、用于表征所述观看用户的权限范围的第二Key值以及随机数;a Key value receiving module, configured to receive a first Key value returned by the server for characterizing a video type of the target video, and a second Key value for characterizing a permission range of the viewing user, or for receiving Determining, by the server, a first Key value for characterizing a video type of the target video, a second Key value for characterizing a permission range of the viewing user, and a random number;
    鉴权Key值获取模块,用于根据所述第一Key值与所述第二Key值生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,或者用于根据所述第一Key值、所述第二Key值以及所述随机数生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,以使所述服务器接收到针对所述目标视频的终端侧鉴权Key值时向所述用户终端返回所述目标视频。 An authentication key value obtaining module, configured to generate, according to the first key value and the second key value, a terminal side authentication key value for the target video, and send the value to the server, or according to the foregoing a Key value, the second Key value, and the random number generate a terminal side authentication Key value for the target video and send the value to the server, so that the server receives the terminal side for the target video The target video is returned to the user terminal when the Key value is authenticated.
PCT/CN2017/081237 2017-03-31 2017-04-20 Video request and video playing method and apparatus WO2018176531A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710206554.0 2017-03-31
CN201710206554.0A CN107426589B (en) 2017-03-31 2017-03-31 A kind of video request, video broadcasting method and device

Publications (1)

Publication Number Publication Date
WO2018176531A1 true WO2018176531A1 (en) 2018-10-04

Family

ID=60423889

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/CN2017/081237 WO2018176531A1 (en) 2017-03-31 2017-04-20 Video request and video playing method and apparatus
PCT/CN2017/107056 WO2018176816A1 (en) 2017-03-31 2017-10-20 Video requesting and playing method and device

Family Applications After (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/107056 WO2018176816A1 (en) 2017-03-31 2017-10-20 Video requesting and playing method and device

Country Status (2)

Country Link
CN (1) CN107426589B (en)
WO (2) WO2018176531A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110012301B (en) * 2018-01-04 2022-01-04 武汉斗鱼网络科技有限公司 Authentication method and device for video stream address
CN112770143B (en) * 2019-11-01 2022-08-02 腾讯科技(深圳)有限公司 Interactive video playing system and method
CN112600806B (en) * 2020-12-04 2023-04-28 广州酷狗计算机科技有限公司 Audio playing method, device, server and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130266138A1 (en) * 2012-04-10 2013-10-10 Microsoft Corporation Content encryption key management
CN103686241A (en) * 2013-12-23 2014-03-26 珠海迈科电子科技有限公司 Method and device for anti-theft chain of set top box
CN104811773A (en) * 2015-04-28 2015-07-29 天脉聚源(北京)传媒科技有限公司 Hotlinking prevention-based channel playing implementation method, system and equipment
US20160119438A1 (en) * 2014-10-23 2016-04-28 Google Inc. Systems and methods of sharing media and data content across devices through local proximity
CN105721411A (en) * 2015-05-15 2016-06-29 乐视云计算有限公司 Method for preventing hotlinking, server and client terminalfor preventing hotlinking
CN105915494A (en) * 2015-12-07 2016-08-31 乐视云计算有限公司 Anti-stealing-link method and system
CN106028064A (en) * 2016-06-24 2016-10-12 武汉斗鱼网络科技有限公司 Live broadcasting video streaming playing address authorization verification method and system

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100592785C (en) * 2005-05-30 2010-02-24 Ut斯达康通讯有限公司 System for managing digital copyright, and system of operating network TV
US8893302B2 (en) * 2005-11-09 2014-11-18 Motorola Mobility Llc Method for managing security keys utilized by media devices in a local area network
CN102025749B (en) * 2011-01-18 2013-12-11 中国联合网络通信集团有限公司 Anti-theft method of mobile streaming media service
WO2015063933A1 (en) * 2013-10-31 2015-05-07 株式会社 東芝 Content playback device, content playback method, and content playback system
CN105721903B (en) * 2014-12-26 2017-12-12 乐视网信息技术(北京)股份有限公司 The online method and system for playing video
US20160360282A1 (en) * 2015-01-27 2016-12-08 Charter Communications Operating, Llc System and method of content streaming and downloading
CN105307052B (en) * 2015-10-27 2018-09-25 无锡天脉聚源传媒科技有限公司 A kind of video request processing method and processing device
CN105872626A (en) * 2015-12-15 2016-08-17 乐视网信息技术(北京)股份有限公司 Video playing method and device
CN105847881B (en) * 2016-03-31 2019-07-09 武汉斗鱼网络科技有限公司 A kind of illegal-broadcast preventing video player and server and system
CN106230860B (en) * 2016-09-06 2020-09-25 腾讯科技(深圳)有限公司 Method and device for transmitting streaming media

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130266138A1 (en) * 2012-04-10 2013-10-10 Microsoft Corporation Content encryption key management
CN103686241A (en) * 2013-12-23 2014-03-26 珠海迈科电子科技有限公司 Method and device for anti-theft chain of set top box
US20160119438A1 (en) * 2014-10-23 2016-04-28 Google Inc. Systems and methods of sharing media and data content across devices through local proximity
CN104811773A (en) * 2015-04-28 2015-07-29 天脉聚源(北京)传媒科技有限公司 Hotlinking prevention-based channel playing implementation method, system and equipment
CN105721411A (en) * 2015-05-15 2016-06-29 乐视云计算有限公司 Method for preventing hotlinking, server and client terminalfor preventing hotlinking
CN105915494A (en) * 2015-12-07 2016-08-31 乐视云计算有限公司 Anti-stealing-link method and system
CN106028064A (en) * 2016-06-24 2016-10-12 武汉斗鱼网络科技有限公司 Live broadcasting video streaming playing address authorization verification method and system

Also Published As

Publication number Publication date
CN107426589B (en) 2018-08-10
WO2018176816A1 (en) 2018-10-04
CN107426589A (en) 2017-12-01

Similar Documents

Publication Publication Date Title
US11615386B1 (en) Block chain authentication systems and methods
US10637855B2 (en) Enhanced authentication for secure communications
US20190340384A1 (en) Key providing method, video playing method, server and client
JP4617763B2 (en) Device authentication system, device authentication server, terminal device, device authentication method, and device authentication program
US9032497B2 (en) System and method for securing embedded media
CN108769067B (en) Authentication verification method, device, equipment and medium
KR102219277B1 (en) System and method for controlling the delivery of authenticated content
CN106571951B (en) Audit log obtaining method, system and device
WO2019134233A1 (en) Method for generating network token, device, terminal apparatus, and storage medium
US11640448B2 (en) License confirmation via embedded confirmation challenge
WO2020000786A1 (en) Voting method and apparatus, and computer device and computer readable storage medium
US9276741B2 (en) Content encryption key management
US9215064B2 (en) Distributing keys for decrypting client data
JPWO2019239591A1 (en) Authentication system, authentication method, application provider, authentication device, and authentication program
US10764294B1 (en) Data exfiltration control
CN110662091B (en) Third-party live video access method, storage medium, electronic device and system
WO2019001083A1 (en) Authentication method and device for video stream address
CN108881966B (en) Information processing method and related equipment
CN107145769A (en) A kind of digital rights management method about DRM, equipment and system
WO2019071859A1 (en) Method and apparatus for preventing gift swiping on live broadcast platform
CN108259183B (en) Attention method, attention device, attention electronic equipment and attention medium
WO2018176531A1 (en) Video request and video playing method and apparatus
Huang et al. A token-based user authentication mechanism for data exchange in RESTful API
WO2020062667A1 (en) Data asset management method, data asset management device and computer readable medium
WO2013170822A2 (en) Method and device for processing password for logging into server

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17903557

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17903557

Country of ref document: EP

Kind code of ref document: A1